TP-Link TL-SG2424 Скачать руководство пользователя страница 564 | Manualshive

Страница: 564 / 771

background image

Configuration Guide 541

Configuring Network Security

Network Security

Figure 1-1

Network Topology of Basic DHCP Security

Switch

Trusted Port

Untrusted Port

Untrusted Port

Illegal DHCP Server

Clients

Legal DHCP Server

Additionally, with DHCP Snooping, the switch can monitor the IP address obtaining process
of each client host and record the IP address, MAC address, VLAN ID and the connected
port number of the host for automatic binding.



Option 82

Option 82 records the location of the DHCP client. The switch can add option 82 to the
DHCP request packet and then transmit the packet to the DHCP server. Administrators can
check the location of the DHCP client via option 82. The DHCP server supporting option 82
can also set the distribution policy of IP addresses and the other parameters, providing a
more flexible address distribution way.

ARP Inspection

In an actual complex network, there are high security risks during ARP implementation
procedure. The cheating attacks against ARP, such as imitating gateway, cheating gateway,
cheating terminal hosts and ARP flooding attack, frequently occur to the network. ARP
Inspection can prevent the network from these ARP attacks.



Prevent ARP Cheating Attacks

Based on the predefined IP-MAC Binding entries, the ARP Inspection can be configured to
detect the ARP packets and filter the illegal ones so as to prevent the network from ARP
cheating attacks.

«
...
562
563
564
565
566
...
»

Содержание TL-SG2424

Страница 1: ...Configuration Guide T1600G Series Switches T1600G 18TS T1600G 28TS TL SG2424 T1600G 52TS TL SG2452 T1600G 28PS TL SG2424P T1600G 52PS TL SG2452P 1910012255 REV2 1 1 Sept 2017...

Страница 2: ...with console port 11 Telnet Login 13 SSH Login 14 Disable Telnet login 18 Disable SSH login 19 Copy running config startup config 19 Change the Switch s IP Address and Default Gateway 20 Managing Syst...

Страница 3: ...Configuring the Reboot Schedule 48 Reseting the Switch 49 Using the CLI 49 Configuring the Boot File 49 Restoring the Configuration of the Switch 50 Backing up the Configuration File 51 Upgrading the...

Страница 4: ...the GUI 82 Using the CLI 84 Port Security Configuration 86 Using the GUI 86 Using the CLI 87 Port Isolation Configurations 90 Using the GUI 90 Using the CLI 91 Loopback Detection Configuration 93 Usi...

Страница 5: ...nfiguring Load balancing Algorithm 113 Configuring Static LAG or LACP 114 Configuration Example 118 Network Requirements 118 Configuration Scheme 118 Using the GUI 119 Using the CLI 120 Appendix Defau...

Страница 6: ...C Addresses in VLANs 143 Using the CLI 144 Configuring MAC Notification Traps 144 Limiting the Number of MAC Addresses in VLANs 145 Example for Security Configurations 147 Network Requirements 147 Con...

Страница 7: ...VLAN for the Port 170 Configuration Example 172 Network Requirements 172 Configuration Scheme 172 Using the GUI 173 Using the CLI 176 Appendix Default Parameters 179 Configuring Protocol VLAN Overvie...

Страница 8: ...l STP RSTP Parameters 215 Enabling STP RSTP Globally 216 MSTP Configurations 218 Using the GUI 218 Configuring Parameters on Ports in CIST 218 Configuring the MSTP Region 220 Configuring MSTP Globally...

Страница 9: ...IGMP Snooping Status 270 Configuring the Port s Basic IGMP Snooping Features 271 Enabling IGMP Snooping on the Port 271 Optional Configuring Fast Leave 271 Configuring IGMP Snooping in the VLAN 272 Co...

Страница 10: ...arameters Globally 285 Configuring Report Message Suppression 285 Configuring Unknown Multicast 286 Configuring IGMP Snooping Parameters on the Port 287 Configuring Router Port Time and Member Port Ti...

Страница 11: ...nooping Features 309 Enabling MLD Snooping on the Port 309 Optional Configuring Fast Leave 309 Configuring MLD Snooping in the VLAN 310 Configuring MLD Snooping Globally in the VLAN 310 Optional Confi...

Страница 12: ...ing Last Listener Query 327 Configuring MLD Snooping Parameters in the VLAN 328 Configuring Router Port Time and Member Port Time 328 Configuring Static Router Port 329 Configuring Forbidden Router Po...

Страница 13: ...for Configuring Unknown Multicast and Fast Leave 357 Network Requirement 357 Configuration Scheme 358 Using the GUI 358 Using the CLI 361 Example for Configuring Multicast Filtering 362 Network Requi...

Страница 14: ...Routing Configuration 394 Using the GUI 394 Using the CLI 395 Viewing Routing Table 397 Using the GUI 397 Viewing IPv4 Routing Table 397 Viewing IPv6 Routing Table 398 Using the CLI 398 Viewing IPv4...

Страница 15: ...eme 421 Using the GUI 422 Using the CLI 423 Appendix Default Parameters 425 Configuring ARP Overview 427 ARP Configurations 428 Using the GUI 428 Viewing the ARP Entries 428 Adding Static ARP Entries...

Страница 16: ...464 Using the GUI 465 Configuring OUI Addresses 465 Configuring Voice VLAN Globally 466 Configuring Voice VLAN Mode on Ports 467 Using the CLI 468 Configuration Example 471 Network Requirements 471 Co...

Страница 17: ...r PoE Configurations 504 Network Requirements 504 Configuring Scheme 504 Using the GUI 504 Using the CLI 506 Appendix Default Parameters 508 Configuring ACL ACL 510 Overview 510 Supported Features 510...

Страница 18: ...52 Using the GUI 552 Enabling DHCP Snooping on VLAN 552 Configuring DHCP Snooping on Ports 553 Optional Configuring Option 82 554 Using the CLI 555 Enabling DHCP Snooping on VLAN 555 Configuring DHCP...

Страница 19: ...figuring Login Account and Enable Password 591 Using the CLI 592 Globally Enabling AAA 592 Adding Servers 593 Configuring Server Groups 596 Configuring the Method List 597 Configuring the AAA Applicat...

Страница 20: ...DP MED Configurations 637 Using the GUI 637 Global Config 637 Port Config 638 Using the CLI 640 Global Config 640 Port Config 641 Viewing LLDP Settings 644 Using GUI 644 Viewing LLDP Device Info 644 V...

Страница 21: ...mory 675 Using the CLI 676 Monitoring the CPU 676 Monitoring the Memory 676 System Log Configurations 677 Using the GUI 678 Configuring the Local Log 678 Configuring the Remote Log 679 Backing up the...

Страница 22: ...Group 697 Creating SNMP Users 699 Creating SNMP Communities 700 Using the CLI 701 Enabling SNMP 701 Creating an SNMP View 703 Creating an SNMP Group 704 Creating SNMP Users 706 Creating SNMP Communit...

Страница 23: ...ory 725 Configuring Event 726 Configuring Alarm 728 Configuration Example 730 Network Requirements 730 Configuration Scheme 730 Network Topology 731 Using the GUI 731 Using the CLI 736 Appendix Defaul...

Страница 24: ...r demonstration only The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all stat...

Страница 25: ...s command can be used on three occasions bandwidth ingress ingress rate is used to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingres...

Страница 26: ...Part 1 Accessing the Switch CHAPTERS 1 Overview 2 Web Interface Access 3 Command Line Interface Access...

Страница 27: ...nterface also called web interface in this text or using the CLI Command Line Interface There are equivalent functions in the web interface and the command line interface while web configuration is ea...

Страница 28: ...and the switch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the swi...

Страница 29: ...start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configurations will be lost wh...

Страница 30: ...de 7 Figure 2 4 Save Config 2 3 Disable the Web Server You can shut down the HTTP server or HTTPS server to block any access to the web interface Go to System Access Security HTTP Config disable the H...

Страница 31: ...ress of the VLAN which the access port belongs to Change the IP Address By default all the ports belong to VLAN 1 with the VLAN interface IP 192 168 0 1 The following example shows how to change the s...

Страница 32: ...xample shows how to configure the switch s gateway By default the switch has no default gateway 1 Go to page Routing Static Routing IPv4 Static Routing Config Configure the parameters related to the s...

Страница 33: ...e Access Distance Specify the distance as 1 2 Click Save Config to save the settings 3 Check the routing table to verify the default gateway you configured The entry marked in red box displays the val...

Страница 34: ...s Table 3 1 Method list Method Using Port Typical Applications Console Console port connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with...

Страница 35: ...LI Main Window 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communications Hyper Termina...

Страница 36: ...are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and press Enter Figu...

Страница 37: ...are required which are both admin by default Key Authentication Mode Recommended A public key for the switch and a private key for the client software PuTTY are required You can generate the public k...

Страница 38: ...d you can continue to configure the switch Figure 3 9 Log In to the Switch Key Authentication Mode 1 Open the PuTTY Key Generator In the Parameters section select the key type and enter the key length...

Страница 39: ...ould be between 512 and 3072 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save publi...

Страница 40: ...bove CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is downloaded open PuTTY and go to the Sessi...

Страница 41: ...g in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch 3 4 Disable Telnet login You can shut down the Telnet function to bl...

Страница 42: ...Switch config no ip ssh server 3 6 Copy running config startup config The switch s configuration files fall into two types the running configuration file and the start up configuration file After you...

Страница 43: ...replace the switch s default access IP address 192 168 0 1 24 with 192 168 0 10 24 Switch configure Switch config interface vlan 1 Switch config if ip address 192 168 0 10 255 255 255 0 The connectio...

Страница 44: ...ing System CHAPTERS 1 System 2 System Info Configurations 3 User Management Configurations 4 System Tools Configurations 5 Access Security Configurations 6 SDM Template Configuration 7 Appendix Defaul...

Страница 45: ...figuration file of the switch With these tools you can configure the boot file of the switch backup and restore the configurations of the switch update the firmware reset the switch and reboot the swi...

Страница 46: ...e function with SSH is similar to a telnet connection but SSH can provide information security and powerful authentication SDM Template The switch SDM Switch Database Management templates prioritize s...

Страница 47: ...Viewing the System Summary Choose the menu System System Info System Summary to load the following page Figure 2 1 Viewing the System Summary Port Status Indication Indicates that the corresponding 10...

Страница 48: ...ion Port Displays the port number of the switch Type Displays the type of the port Speed Displays the maximum transmission rate of the port Status Displays the connection status of the port Click a po...

Страница 49: ...1 In the Device Description section specify the following information Device Name Enter the name of the switch Device Location Enter the location of the switch System Contact Enter the contact inform...

Страница 50: ...he time of the system Get Time from NTP Server Set the system time by getting time from NTP server Make sure the NTP server is accessible on your network If the NTP server is on the Internet connect t...

Страница 51: ...efined Mode If you select Predefined Mode choose a predefined DST schedule for the switch USA Select the Daylight Saving Time of the USA It is from 2 00 a m on the Second Sunday in March to 2 00 a m o...

Страница 52: ...rval between start time and end time should be more than 1 day and less than 1 year 365 days End Time Specify the end time of Daylight Saving Time The interval between start time and end time should b...

Страница 53: ...l Number Running Time 2 day 4 hour 55 min 36 sec 2 2 2 Specifying the Device Description Follow these steps to specify the device description Step 1 configure Enter global configuration mode Step 2 ho...

Страница 54: ...evice name as Switch_A set the location as BEIJING and set the contact information as http www tp link com Switch configure Switch config hostname Switch_A Switch config location BEIJING Switch config...

Страница 55: ...e valid value of the year ranges from 2000 to 2037 Use the following command to set the system time by getting time from the NTP server system time ntp timezone ntp server backup ntp server fetching r...

Страница 56: ...Athens Bucharest Amman Beirut Jerusalem UTC 03 00 TimeZone for Kuwait Riyadh Baghdad UTC 03 30 TimeZone for Tehran UTC 04 00 TimeZone for Moscow St Petersburg Volgograd Tbilisi Port Louis UTC 04 30 T...

Страница 57: ...how to set the system time by Get Time from NTP Server and set the time zone as UTC 08 00 set the NTP server as 133 100 9 2 set the backup NTP server as 139 78 100 163 and set the update rate as 11 S...

Страница 58: ...week of Daylight Saving Time There are 5 values showing as follows first second third fourth last sday Enter the start day of Daylight Saving Time There are 7 values showing as follows Sun Mon Tue We...

Страница 59: ...Saving Time in the format of HH MM eyear Enter the end year of Daylight Saving Time offset Enter the offset of Daylight Saving Time The default value is 60 Step 3 show system time dst Verify the DST i...

Страница 60: ...1 Creating Admin Accounts Choose the menu System User Management User Config to load the following page Figure 3 1 Create Admin Accounts Follow these steps to create an Admin account 1 In the User In...

Страница 61: ...symbols You can use digits English letters case sensitive underscore and sixteen special characters Confirm Password Retype the password 2 Click Create 3 1 2 Creating Accounts of Other Types You can c...

Страница 62: ...ght to edit or modify Password Type a password for users login It is a string from 1 to 31 alphanumeric characters or symbols You can use digits English letters case sensitive underscore and sixteen s...

Страница 63: ...nfiguration file symmetric encrypted encrypted password Enter a symmetric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password...

Страница 64: ...Save the settings in the configuration file 3 2 2 Creating Accounts of Other Types You can create accounts with the access level of Operator Power user and User here You also need to go to the AAA se...

Страница 65: ...iguration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user n...

Страница 66: ...ed enable admin secret 0 password 5 encrypted password Create an Enable Password It can change the users access level to Admin By default it is empty 0 Specify the encryption type 0 indicates that the...

Страница 67: ...set the password as 123 Enable AAA function and set the enable password as abc123 Switch configure Switch config user name user1 privilege operator password 123 Switch config aaa enable Switch config...

Страница 68: ...the configuration file Upgrade the firmware Reboot the switch Configure the reboot schedule Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu System System Tools Boot...

Страница 69: ...rtup and backup image should not be the same 2 Click Apply 4 1 2 Restoring the Configuration of the Switch Choose the menu System System Tools Config Restore to load the following page Figure 4 2 Rest...

Страница 70: ...grading the Firmware Choose the menu System System Tools Firmware Upgrade to load the following page Figure 4 4 Upgrading the Firmware In the Firmware Upgrade section select one file and click Upgrade...

Страница 71: ...System Reboot section select the desired unit and click Reboot Target Unit Select the desired unit to reboot By default it is ALL Unit Save Config Select this option to save the configuration before...

Страница 72: ...o reboot in the format of DD MM YYYY The date should be within 30 days Save Before Reboot Select to save the switch s configurations before it reboots 4 1 7 Reseting the Switch Choose the menu System...

Страница 73: ...startup image as image 1 and set the backup image as image 2 Switch configure Switch config boot application filename image1 startup Switch config boot application filename image2 backup Switch config...

Страница 74: ...Configuration File Follow these steps to back up the current configuration of the switch in a file Step 1 enable Enter privileged mode Step 2 copy startup config tftp ip address ip addr filename name...

Страница 75: ...ue then enter Y to reboot The following example shows how to upgrade the firmware using the configuration file named file3 bin The TFTP server is 190 168 0 100 Switch enable Switch firmware upgrade ip...

Страница 76: ...e format of DD MM YYYY The date should be within 30 days save_before_reboot Save the configuration file before the switch reboots If no date is specified the switch reboots according to the time you h...

Страница 77: ...em Tools Configurations 4 2 7 Reseting the Switch Follow these steps to reset the switch Step 1 enable Enter privileged mode Step 2 reset Reset the switch Note After the system is reset configurations...

Страница 78: ...Security Access Control to load the following page Figure 5 1 Configuring the Access Control 1 In the Access Control section select one control mode and specify the parameters Control Mode Select the...

Страница 79: ...Address Mask If you select IP based mode enter the IP address and mask to specify an IP range Only the users within this IP range can access the switch MAC Address If you select MAC based mode specify...

Страница 80: ...e Session Timeout and click Apply Session Timeout The system will log out automatically if users do nothing within the Session Timeout time 3 In the Access User Number section select Enable and specif...

Страница 81: ...to load the following page Table 5 1 Configuring the HTTPS Function 1 In the Global Config section select Enable to enable HTTPS function and select the protocol the switch supports Click Apply HTTPS...

Страница 82: ...e digest RSA_ WITH_3DES_ EDE_CBC_SHA Key exchange with 3DES and DES EDE3 CBC for message encryption and SHA for message digest 3 In the Session Config section specify the Session Timeout and click App...

Страница 83: ...5 3 Configuring the SSH Feature 1 In the Global Config section select Enable to enable SSH function and specify other parameters SSH Select Enable to enable the SSH function SSH is a protocol working...

Страница 84: ...orresponding type is used for both key generation and authentication Key File Select the desired public key to download to the switch The key length of the downloaded file ranges of 512 to 3072 bits N...

Страница 85: ...to control the users access by limiting the ports connected to the users user access control port based interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list snmp t...

Страница 86: ...n num guest num Specify the maximum number of users that are allowed to connect to the HTTP server The total number of users should be no more than 16 For T1600G 18TS the number of Operator Power User...

Страница 87: ...switch supports SSLv3 and TLSv1 ssl3 Enable the SSL version 3 protocol SSL is a transport protocol It can provide server authentication encryption and message integrity to allow secure HTTP connection...

Страница 88: ...the SSL certificate which ranges from 1 to 25 characters The certificate must be BASE64 encoded The SSL certificate and key downloaded must match each other ip addr Specify the IP address of the TFTP...

Страница 89: ...key OK Switch config show ip http secure server HTTPS Status Enabled SSL Protocol Level s ssl3 tls1 SSL CipherSuite 3des ede cbc sha HTTPS Session Timeout 15 HTTPS User Limitation Enabled HTTPS Max A...

Страница 90: ...y the data integrity algorithm you want the switch supports Step 7 ip ssh download v1 v2 key file ip address ip addr Select the type of the key file and download the desired file to the switch from TF...

Страница 91: ...download v2 publickey ip address 192 168 0 100 Start to download SSH key file Download SSH key file OK Switch config show ip ssh Global Config SSH Server Enabled Protocol V1 Enabled Protocol V2 Enabl...

Страница 92: ...5 2 5 Enabling the Telnet Function Follow these steps enable the Telnet function Step 1 configure Enter global configuration mode Step 2 telnet enable Enable the telnet function By default it is enabl...

Страница 93: ...SDM Template Function In Select Options section select one template and click Apply The setting will be effective after the reboot Current Template ID Displays the template currently in effect Next Te...

Страница 94: ...al configuration mode Step 2 show sdm prefer used default enterpriseV4 enterpriseV6 View the template table to select the desired template used Displays the resource allocation of the current template...

Страница 95: ...prefer enterpriseV4 enterpriseV4 template number of IP ACL Rules 120 number of MAC ACL Rules 84 number of Combined ACL Rules 0 number of IPV6 ACL Rules 0 number of IPV6 Source Guard Entries 0 number...

Страница 96: ...ter Default Setting Time Source Manual System Time 2006 01 01 08 01 56 Sunday Table 7 3 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default set...

Страница 97: ...ble 7 8 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled SSL Version 3 Enabled TLS Version 1 Enabled RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_RC4_128_SHA Enabled RSA_WITH_D...

Страница 98: ...Key Type SSH 2 RSA DSA Table 7 10 Default Settings of Telnet Configuration Parameter Default Setting Control Mode Enabled Default settings of SDM Template are listed in the following table Table 7 11...

Страница 99: ...Interfaces CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Mirror Configuration 4 Port Security Configuration 5 Port Isolation Configurations 6 Loopback Detection Configuration...

Страница 100: ...ode duplex mode flow control and other basic parameters for ports Port Mirror This function allows the switch to forward packet copies of the monitored ports to a specific monitoring port Then you can...

Страница 101: ...MTU Maximum Transmission Unit size for frames globally as needed The valid values are from 1518 to 9216 bytes and the default is 1518 bytes For other T1600G series switches you can enable or disable...

Страница 102: ...device The default setting is Auto Flow Control With this option enabled the switch synchronizes the data transmission speed with the peer device thus avoiding the packet loss caused by congestion By...

Страница 103: ...ice connected to the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation flow control Enable the switch to synch...

Страница 104: ...fig if description router connection Switch config if speed auto Switch config if duplex auto Switch config if flow control Switch config if jumbo Switch config if show interface configuration gigabit...

Страница 105: ...t Mirror Configuration 3 1 Using the GUI Choose the menu Switching Port Port Mirror to load the following page Figure 3 1 Mirror Session List The above page displays a mirror session and no more sessi...

Страница 106: ...Source Port section select one or multiple monitored ports for configuration Then set the parameters and click Apply UNIT 1 LAGS Click 1 to select physical ports Click LAGS to select LAGs Ingress Wit...

Страница 107: ...e Set the monitored ports session_num The monitor session number It can only be specified as 1 port list List of monitored port It is multi optional mode The monitor mode There are three options rx tx...

Страница 108: ...cal Interfaces Port Mirror Configuration Configuration Guide 85 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Switch config if end Switch copy running config s...

Страница 109: ...Select one or multiple ports for security configuration 2 Specify the maximum number of the MAC addresses that can be learned on the port and then select the learn mode of the MAC addresses Max Learn...

Страница 110: ...n be selected Drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the num...

Страница 111: ...es reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned forward When the number of learned MAC addresses reaches the limit the port w...

Страница 112: ...Managing Physical Interfaces Port Security Configuration Configuration Guide 89 Switch config if end Switch copy running config startup config...

Страница 113: ...gurations 5 Port Isolation Configurations 5 1 Using the GUI Choose the menu Switching Port Port Isolation to load the following page Figure 5 1 Port Isolation List The above page displays the port iso...

Страница 114: ...global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 3 port isolation...

Страница 115: ...hows how to add ports 1 0 1 3 and LAG 4 to the forward list of port 1 0 5 Switch configure Switch config interface gigabitEthernet 1 0 5 Switch config if port isolation gi forward list 1 0 1 3 po forw...

Страница 116: ...Configuring QoS Choose the menu Switching Port Loopback Detection to load the following page Figure 6 1 Loopback Detection Follow these steps to configure loopback detection 1 In the Global Config sec...

Страница 117: ...and generate an entry on the log file It is the default setting Port Based When a loop is detected the switch will send a trap message and generate an entry on the log file In addition the switch wil...

Страница 118: ...here are two modes alert When a loop is detected the switch will send a trap message and generate an entry on the log file It is the default setting port based When a loop is detected the switch will...

Страница 119: ...ollowing example shows how to enable loopback detection of port 1 0 3 and set the process mode as alert and recovery mode as auto Switch configure Switch config interface gigabitEthernet 1 0 3 Switch...

Страница 120: ...Configuration Scheme To implement this requirement you can configure port mirror to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Specify ports 1 0 2...

Страница 121: ...ort section select port 1 0 1 as the monitoring port and click Apply Figure 7 3 Destination Port Configuration 3 In the Source Port section select ports 1 0 2 5 as the monitored ports and enable Ingre...

Страница 122: ...h show monitor session 1 Monitor Session 1 Destination Port Gi1 0 1 Source Ports Ingress Gi1 0 2 5 Source Ports Egress Gi1 0 2 5 7 2 Example for Port Isolation 7 2 1 Network Requirements As shown belo...

Страница 123: ...the other hosts Demonstrated with T1600G 52TS the following sections provide configuration procedure in two ways using the GUI and using the CLI 7 2 3 Using the GUI 1 Choose the menu Switching Port P...

Страница 124: ...4 Using the CLI Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if end Switch copy running config startup config Ver...

Страница 125: ...port on which a loop is detected Figure 7 8 Network Topology Switch A Management Host Access layer Switches Gi1 0 1 Gi1 0 2 Loop Gi1 0 3 7 3 2 Configuration Scheme Enable loopback detection on ports...

Страница 126: ...me Click Apply Figure 7 10 Port Configuration 4 Monitor the detection result on the above page The Loop status and Block status are displayed on the right side of ports 7 3 4 Using the CLI 1 Enable lo...

Страница 127: ...nfiguration Verify the global configuration Switch show loopback detection global Loopback detection global status enable Loopback detection interval 30 s Loopback detection recovery time 90 s Verify...

Страница 128: ...er Default Setting Port Config Type Copper Status Enable Speed Auto Duplex Auto Flow Control Disable Jumbo Disable Port Mirror Ingress Disable Egress Disable Port Security Max Learned MAC 64 Learned N...

Страница 129: ...Configuration Guide 106 Managing Physical Interfaces Appendix Default Parameters Parameter Default Setting Port Status Disable Operation mode Alert Recovery mode Auto...

Страница 130: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 131: ...ure the backup ports to enhance the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports ar...

Страница 132: ...e LACP does not support half duplex links One static LAG supports up to eight member ports All the member ports share the traffic evenly If an active link fails the other active links share the traffi...

Страница 133: ...MAC addresses of the packets SRC IP The computation is based on the source IP addresses of the packets DST IP The computation is based on the destination IP addresses of the packets SRC IP DST IP The...

Страница 134: ...ame LAG mode Configuring Static LAG Choose the menu Switching LAG Static LAG to load the following page Figure 2 3 Static LAG Follow these steps to configure the static LAG 1 In the LAG Config section...

Страница 135: ...gher priority will determine its active ports and the other device can select its active ports according to the selection result of the device with higher priority If the two ends have the same system...

Страница 136: ...ne end of the link is configured as Active Status Enable the LACP function of the port By default it is disabled 2 2 Using the CLI 2 2 1 Configuring Load balancing Algorithm Follow these steps to conf...

Страница 137: ...Load Balancing Addresses Used Per Protocol Non IP Source XOR Destination MAC address IPv4 Source XOR Destination MAC address IPv6 Source XOR Destination MAC address Switch config end Switch copy runn...

Страница 138: ...config interface range gigabitEthernet 1 0 5 8 Switch config if range channel group 2 mode on Switch config if range show etherchannel 2 summary Flags D down P bundled in port channel U in use I stand...

Страница 139: ...you need to select LACP mode active or passive In LACP the switch uses LACPDU Link Aggregation Control Protocol Data Unit to negotiate the parameters with the peer end In this way the two ends select...

Страница 140: ...as active Switch configure Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range channel group 6 mode active Switch config if range show lacp internal Flags S Device is requesti...

Страница 141: ...o avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two switches Fi...

Страница 142: ...as SRC MAC DST MAC Figure 3 2 Global Configuration 2 Choose the menu Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and...

Страница 143: ...Switch configure Switch config port channel load balance src dst mac 2 Specify the system priority of Switch A as 0 Remember to ensure that the system priority value of Switch B is bigger than 0 Switc...

Страница 144: ...e priority of this port is lower than port 1 0 9 Switch config interface gigabitEthernet 1 0 10 Switch config if channel group 1 mode active Switch config if lacp port priority 2 Switch config if end...

Страница 145: ...uring LAG Configuration Example Gi1 0 5 SA Down 0 0x1 0 0x5 0x45 Gi1 0 6 SA Down 0 0x1 0 0x6 0x45 Gi1 0 7 SA Down 0 0x1 0 0x7 0x45 Gi1 0 8 SA Down 0 0x1 0 0x8 0x45 Gi1 0 9 SA Down 1 0x1 0 0x9 0x45 Gi1...

Страница 146: ...Default Parameters Default settings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config Sys...

Страница 147: ...Part 5 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters...

Страница 148: ...ry to load the following page Figure 1 1 Traffic Summary Follow these steps to view the traffic summary of each port 1 To get the real time traffic summary enable auto refresh in the Auto Refresh sect...

Страница 149: ...f octets transmitted on the port Error octets are counted in Statistics Click this button to view the detailed traffic statistics of the port 1 1 2 Viewing the Traffic Statistics in Detail Choose the...

Страница 150: ...f the received packets including error packets that are 64 bytes long Pkts65to127Octets Displays the number of the received packets including error packets that are between 65 and 127 bytes long Pkts1...

Страница 151: ...tted on the port Error frames are not counted in Alignment Errors Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of...

Страница 152: ...Configuration Guide 129 2 Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disable Refresh Rate 10 seconds Traffic Statistics...

Страница 153: ...Part 6 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 Address Configurations 3 Security Configurations 4 Example for Security Configurations 5 Appendix Default Parameters...

Страница 154: ...an add or remove these entries to your needs Furthermore you can configure notification traps and limit the number of MAC addresses in a VLAN for traffic safety Address Configurations Dynamic address...

Страница 155: ...the MAC address change activity For example you can configure the switch to send you notifications when new users access the network Limiting the Number of MAC Addresses in VLANs You can configure VL...

Страница 156: ...sing the GUI 2 1 1 Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries Adding MAC Addresses M...

Страница 157: ...2 Click Create Binding Dynamic Address Entries Choose the menu Switching MAC Address Dynamic Address to load the following page Figure 2 2 Binding Dynamic MAC Address Entries Follow these steps to bi...

Страница 158: ...desired length of time Auto Aging Enable Auto Aging then the switch automatically updates the dynamic address table with the aging mechanism By default it is enabled Aging Time Set the length of time...

Страница 159: ...Address Specify a MAC address to configure the switch to drop packets which include this MAC address as the source address or destination address VLAN ID Specify an existing VLAN in which packets with...

Страница 160: ...address table static mac addr vid vid interface gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets with th...

Страница 161: ...tatic MAC address entry with MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 Swit...

Страница 162: ...aging time to 500 seconds A dynamic entry remains in the MAC address table for 500 seconds after the entry is used or updated Switch configure Switch config mac address table aging time 500 Switch con...

Страница 163: ...filtering addresses The following example shows how to add the MAC filtering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as...

Страница 164: ...y configurations With security configurations of the MAC address table you can Configure MAC notification traps Limit the number of MAC addresses in VLANs 3 1 Using the GUI 3 1 1 Configuring MAC Notif...

Страница 165: ...s notification traps You can enable these three types Learned Mode Change Exceed Max Learned and New MAC Learned Click Apply Learned Mode Change Enable Learned Mode Change and when the learned mode of...

Страница 166: ...n control the available address table space by setting maximum learned MAC number for VLANs However an improper maximum number can cause unnecessary floods in the network or a waste of address table s...

Страница 167: ...Ethernet port that you want to configure notification traps Step 6 mac address table notification learn mode change enable disable exceed max learned enable disable new mac learned enable disable Enab...

Страница 168: ...onfig mac address table notification global status enable Switch config mac address table notification interval 10 Switch config interface gigabitEthernet 1 0 1 Switch config if mac address table noti...

Страница 169: ...number of MAC addresses in the specified VLAN is exceeded forward Packets of new source MAC addresses will be forwarded but the addresses not learned when the maximum number of MAC addresses in the sp...

Страница 170: ...rk with notifications of any new access users Figure 4 1 The Network Topology Gi1 0 1 Gi1 0 3 Gi1 0 2 R D Department VLAN 30 Marketing Department VLAN 10 Switch Internet 4 2 Configuration Scheme VLAN...

Страница 171: ...the maximum number of MAC address in VLAN 10 as 100 choose drop mode and click Create Figure 4 2 Configuring VLAN Security 2 Choose the menu Switching MAC Address MAC Notification to load the followi...

Страница 172: ...global status enable Switch config mac address table notification interval 10 Switch config interface gigabitEthernet 1 0 2 Switch config if mac address table notification new mac learned enable Switc...

Страница 173: ...ltering Address Entries None Table 5 2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enable Aging Time 300 seconds Table 5 3 Default Settings of MAC Notification Param...

Страница 174: ...Part 7 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 175: ...d all VLAN traffic remains within its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve...

Страница 176: ...se steps 1 Configure PVID Port VLAN ID of the port 2 Configure the VLAN including creating a VLAN and adding the configured port to the VLAN 2 1 Using the GUI 2 1 1 Configuring the PVID of the Port Ch...

Страница 177: ...ongs to VLAN Check details of the VLAN which the port is in 2 1 2 Configuring the VLAN Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Figure 2 2 Configuring V...

Страница 178: ...he valid values are from 2 to 4094 for example 2 3 5 Step 3 name descript Optional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Ste...

Страница 179: ...The number or the list of the Ethernet port that you want to configure Step 3 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with...

Страница 180: ...an list tagged untagged Add the port to the specified VLAN and specify its egress rule in this VLAN vlan id The default VLAN ID of the port with the values between 1 and 4094 tagged untagged Egress ru...

Страница 181: ...Guide 158 Configuring 802 1Q VLAN 802 1Q VLAN Configuration Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 2 rd Tagged Switch config if end Switch copy running config s...

Страница 182: ...r department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same department but not wit...

Страница 183: ...witch 1 is connected to port 1 0 8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 6 Gi1 0 7 Gi1 0 8 Demonstrate...

Страница 184: ...for Department A 2 Click Create again to load the following page Create VLAN 20 with the description of Department B Add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to VLAN 20 Then...

Страница 185: ...port mode of port 1 0 2 and port 1 0 3 as Untagged and then add port 1 0 2 to VLAN 10 and add port 1 0 3 to VLAN 20 Switch_1 config interface gigabitEthernet 1 0 2 Switch_1 config if switchport genera...

Страница 186: ...ing 802 1Q VLAN Configuration Example Configuration Guide 163 Gi1 0 5 Gi1 0 6 Gi1 0 7 Gi1 0 8 Gi1 0 49 Gi1 0 50 Gi1 0 51 Gi1 0 52 10 Department A active Gi1 0 2 Gi1 0 4 20 Department B active Gi1 0 3...

Страница 187: ...1Q VLAN Appendix Default Parameters 4 Appendix Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setting...

Страница 188: ...Part 8 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 189: ...even when their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2...

Страница 190: ...g to the data packet and forward it within the VLAN If no the switch will continue to match the data packet with the matching rules of other VLANs such as the protocol VLAN If there is a match the swi...

Страница 191: ...er the VLAN ID to bind it to the VLAN MAC Address Enter the MAC address of the device The address should be in 00 00 00 00 00 01 format Description Give a MAC address description for identification wi...

Страница 192: ...figuring MAC VLAN create an 802 1Q VLAN and set the port type according to network requirements For details refer to Configuring 802 1Q VLAN 2 2 2 Binding the MAC Address to the VLAN Follow these step...

Страница 193: ...fig 2 2 3 Enabling MAC VLAN for the Port Follow these steps to enable MAC VLAN for the port Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port...

Страница 194: ...mple shows how to enable MAC VLAN for port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if mac vlan Switch config if show mac vlan interface Port STATUS Gi1 0 1 E...

Страница 195: ...top A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Gi1 0 3 Gi1 0 2 Gi1 0 2 Gi1 0 2 Gi1 0 1 Gi1 0 1 Gi1 0 5 Gi1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 10 3 2 Confi...

Страница 196: ...UI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are similar The following introductions take Switch 1 as an example 1 Choose...

Страница 197: ...to load the following page Enter MAC Address Description VLAN ID and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 4 MAC VLAN Con...

Страница 198: ...hoose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 4 as untagged port and ports 1 0 2 3 as tagged ports to VLAN 10 Click Apply Figu...

Страница 199: ...take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 config vlan name deptA Switch_1 config vlan exit...

Страница 200: ...copy running config startup config Configurations for Switch 3 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_3 configure Switch_3 config vlan 10 Switch_3 config vlan nam...

Страница 201: ...running config startup config Verify the Configurations Switch 1 Switch_1 show mac vlan all MAC Address Description VLAN 00 19 56 8A 4C 71 PCA 10 00 19 56 82 3B 70 PCB 20 Switch 2 Switch_2 show mac vl...

Страница 202: ...Configuration Guide 179 4 Appendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None D...

Страница 203: ...Part 9 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 204: ...corresponding VLANs Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services of...

Страница 205: ...for the protocol VLAN matching the protocol type value of the packet If MAC VLAN is also configured the switch will first process MAC VLAN If there is a match the switch will insert the corresponding...

Страница 206: ...Frame Type Select the frame type of the new protocol template For T1600G 18TS the supported frame type is Ethernet II and cannot be configured Ether Type When the frame type is Ethernet II or SNAP ent...

Страница 207: ...rotocol Name Select the protocol type VLAN ID Enter the ID of the 802 1Q VLAN to be bound to the protocol type 2 In the Protocol Group Member section select the port or LAG to add to the protocol grou...

Страница 208: ...ssap_type Create a protocol template protocol name Specify the protocol name with 1 to 8 characters type Specify the Ethernet protocol type with 4 hexadecimal numbers It ranges from 0600 to FFFF dsap...

Страница 209: ...D of the 802 1Q VLAN where the port with protocol VLAN enabled is index Protocol template index Step 4 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthern...

Страница 210: ...T SNAP ether type 809B 6 IPv6 EthernetII ether type 86DD Switch config protocol vlan vlan 10 template 6 Switch config end Switch copy running config startup config The following example shows how to a...

Страница 211: ...ngs to VLAN 20 and these hosts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 r...

Страница 212: ...VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according to the network topology Demonstrated with T1600G 28TS this chapter provides configuration p...

Страница 213: ...guring Protocol VLAN Configuration Example 2 Click Create to load the following page Create VLAN 20 and add ports 1 0 2 3 as untagged ports to VLAN 20 Click Apply Figure 3 3 Create VLAN 20 3 Click Sav...

Страница 214: ...n Guide 191 Configurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 as tagged port and port 1 0 2 as un...

Страница 215: ...LAN 20 Click Apply Figure 3 5 Create VLAN 20 3 Choose the menu VLAN Protocol VLAN Protocol Template to load the following page Enter IPv6 in the protocol name select the Ethernet II frame type enter 8...

Страница 216: ...te 4 Choose the menu VLAN Protocol VLAN Protocol Group to load the following page Select the IP protocol name that is the IPv4 protocol template enter VLAN ID 10 select port 1 and click Apply Select t...

Страница 217: ...ng page Here you can view the protocol VLAN configuration Figure 3 9 Protocol VLAN configuration 6 Click Save Config to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 10...

Страница 218: ...witchport general allowed vlan 20 untagged Switch_1 config if exit Switch_1 config end Switch_1 copy running config startup config Configurations for Switch 2 1 Create VLAN 10 and VLAN 20 Switch_2 con...

Страница 219: ...r type 0800 2 ARP EthernetII ether type 0806 3 RARP EthernetII ether type 8035 4 IPX SNAP ether type 8137 5 AT SNAP ether type 809b 6 IPv6 Ethernet II ether type 86dd 5 Configure the protocol groups S...

Страница 220: ...6 Gi1 0 27 Gi1 0 28 10 IPv4 active Gi1 0 1 Gi1 0 3 20 IPv6 active Gi1 0 2 Gi1 0 3 Switch 2 Verify 802 1Q VLAN configuration Switch_2 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0...

Страница 221: ...ult settings of Protocol VLAN are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Eth...

Страница 222: ...Part 10 Configuring Spanning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters...

Страница 223: ...on STP RSTP RSTP Rapid Spanning Tree Protocol provides the same features as STP But RSTP also provides much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the...

Страница 224: ...of a 2 byte priority and a 6 byte MAC address The priority is allowed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the p...

Страница 225: ...ected port with spanning tree function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and s...

Страница 226: ...bled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path cost can...

Страница 227: ...s section will introduce some concepts only exist in MSTP Figure 1 3 MSTP Topology region 1 region 3 region 4 CST IST Blocked Port region 2 MST Region An MST region consists of multiple interconnected...

Страница 228: ...Internal Spanning Tree which is a special MST instance with an instance ID of 0 By default all the VLANs are mapped to IST CST The Common Spanning Tree which is the spanning tree connects all MST reg...

Страница 229: ...y if the port does not receive any higher priority BDPUs it will transit to its normal state BPDU Protect BPDU Protect function is used to prevent the port from receiving BPUDs It is recommended to en...

Страница 230: ...maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which may decrease the performance and stability of the network Wi...

Страница 231: ...ach switch plays in a spanning tree To avoid any possible network flapping caused by STP RSTP parameter changes you are suggested to enable STP RSTP function globally after configuring the relevant pa...

Страница 232: ...onfigure it if the spanning tree mode is STP RSTP Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port i...

Страница 233: ...ort is not participating in the spanning tree Port Status Displays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and dr...

Страница 234: ...default value is 2 Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree The valid values are from 6 to 40 in seconds and the d...

Страница 235: ...STP MSTP Specify the spanning tree mode as MSTP 2 1 3 Verifying the STP RSTP Configurations Verify the STP RSTP information of your switch after all the configurations are finished Choose the menu Spa...

Страница 236: ...not displayed when you choose the spanning tree mode as STP RSTP Designated Bridge Displays the bridge ID of the designated bridge The designated bridge is the switch that has designated ports Root P...

Страница 237: ...disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge port point to point a...

Страница 238: ...ward Delay The valid values are from 4 to 30 in seconds and the default value is 15 Forward Delay is the time for the port to transit its state after the network topology is changed hello time Specify...

Страница 239: ...e State Mode Priority Hello Time Fwd Time Max Age Hold Count Max Hops Enable Rstp 36864 2 12 20 5 20 Switch config end Switch copy running config startup config 2 2 3 Enabling STP RSTP Globally Follow...

Страница 240: ...is enabled Spanning tree s mode RSTP 802 1w Rapid Spanning Tree Protocol Latest topology change time 2006 01 02 10 04 02 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge is the root b...

Страница 241: ...he role that each switch plays in a spanning tree To avoid any possible network flapping caused by MSTP parameter changes you are suggested to enable MSTP function globally after configuring the relev...

Страница 242: ...ST Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is re...

Страница 243: ...isplays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and drops the other packets Blocking The port only receives BPDUs...

Страница 244: ...nstance Instance Config to load the following page Figure 3 3 Configuring the VLAN Instance Mapping Follow these steps to map VLANs to the corresponding instance and configure the priority of the swit...

Страница 245: ...tch with the lower value has the higher priority and the switch with the highest priority will be elected as the root bridge in the desired instance VLAN ID Enter the VLAN ID mapped to the correspondi...

Страница 246: ...g page Figure 3 4 Configuring Port Parameters in the Instance Follow these steps to configure port parameters in the instance 1 In the Instance ID Select section select the desired instance ID for its...

Страница 247: ...will be elected as the root of the desired instance Port Role Displays the role that the port plays in the desired instance Root Port Indicates the port is the root port Designated Port Indicates the...

Страница 248: ...ghest priority will be elected as the root bridge Hello Time Specify the interval to send BPDUs The valid values are from 1 to 10 in seconds and the default value is 2 Max Age Specify the maximum time...

Страница 249: ...2 Forward Delay 1 Max Age 2 In the Global Config section enable Spanning Tree function and choose the STP mode as MSTP and click Apply Spanning Tree Enable or disable spanning tree function globally...

Страница 250: ...formation of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The local b...

Страница 251: ...onal Root Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional r...

Страница 252: ...By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge por...

Страница 253: ...Configuring the MST Region Follow these steps to configure the MST region and the priority of the switch in the instance Step 1 configure Enter global configuration mode Step 2 spanning tree mst inst...

Страница 254: ...instance instance id interface fastEthernet port gigabitEthernet port port channel lagid Optional View the related information of MSTP Instance digest Display digest calculated by instance vlan map in...

Страница 255: ...o 240 which are divisible by 16 and the default value is 128 The port with the lower value has the higher priority In the same condition the port with the highest priority will be elected as the root...

Страница 256: ...able 32 Auto Auto No No auto N A N A LnkDwn MST Instance 5 Interface Prio Cost Role Status Gi1 0 3 144 200 N A LnkDwn Switch config if end Switch copy running config startup config 3 2 3 Configuring G...

Страница 257: ...m number of BPDU packets transmitted per Hello Time interval value Specify the maximum number of BPDU packets transmitted per Hello Time interval The valid values are from 1 to 20 pps and the default...

Страница 258: ...globally Step 1 configure Enter global configuration mode Step 2 spanning tree mode mstp Configure the spanning tree mode as MSTP mstp Specify the spanning tree mode as MSTP Step 3 spanning tree Enabl...

Страница 259: ...ss 00 0a eb 13 23 97 Regional Root Bridge Priority 36864 Address 00 0a eb 13 12 ba Local bridge is the regional root bridge Local Bridge Priority 36864 Address 00 0a eb 13 12 ba Interface State Prio E...

Страница 260: ...P Configurations Configuration Guide 237 Priority 32768 Address 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi 0 16 128 200000 Altn Blk Gi 0 20 128 200000 Mstr Fwd Switch config end Switch copy...

Страница 261: ...the Loop Protect function Configure the Root Protect function Configure the TC Protect function Configure the BPDU Protect function Configure the BPDU Filter function 4 1 Using the GUI 4 1 1 Configur...

Страница 262: ...e this function on the ports of non root switches For T1600G 18TS with TC protect function enabled when the switch receives TC BPDUs it will not process the TC BPDUs at once The switch will wait for 5...

Страница 263: ...1 to 10 to specify the TC Protect Cycle The default value is 5 4 2 Using the CLI 4 2 1 Configuring the STP Security Follow these steps to configure the Root protect feature BPDU protect feature and BP...

Страница 264: ...spanning tree bpduguard Optional Enable the BPDU Protect function on the port It is It is recommended to enable this function on edge ports BPDU Protect function is used to prevent the edge port from...

Страница 265: ...s By default it is 5 Step 3 interface fastEthernet port gigabitEthernet port range gigabitEthernet port list port channel port channel range port channel port channel list Enter interface configuratio...

Страница 266: ...Switch config interface gigabitEthernet 1 0 3 Switch config if spanning tree guard tc Switch config if show spanning tree interface security gigabitEthernet 1 0 3 Interface BPDU Filter BPDU Guard Loop...

Страница 267: ...een the switches is 100Mb s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Fi...

Страница 268: ...t is as the root bridge in instance 1 configure the priority of Switch C as 0 to set is as the root bridge in instance 2 4 Configure the path cost to block the specified ports For instance 1 set the p...

Страница 269: ...hoose the menu Spanning Tree MSTP Instance Region Config to load the following page Set the region name as 1 and the revision level as 100 Figure 5 4 Configuring the MST Region 3 Choose the menu Spann...

Страница 270: ...Example for MSTP Configuration Guide 247 Figure 5 5 Configuring the VLAN Instance Mapping 4 Choose the menu Spanning Tree MSTP Instance Instance Port Config to load the following page Set the path cos...

Страница 271: ...xample for MSTP Figure 5 6 Configure the Path Cost of Port 1 0 1 In Instance 1 5 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally here we le...

Страница 272: ...B 1 Choose the menu Spanning Tree STP Config Port Config to load the following page Enable the spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as...

Страница 273: ...MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Figure 5 10 Configuring the VLAN Instance Mapping 4 Choose the menu Spannin...

Страница 274: ...for MSTP Configuration Guide 251 Figure 5 11 Configuring the Priority of Switch B in Instance 1 5 Choose the menu Spanning Tree MSTP Instance Instance Port Config to load the following page Set the p...

Страница 275: ...ample for MSTP Figure 5 12 Configure the Path Cost of Port 1 0 2 in Instance 2 6 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally Here we le...

Страница 276: ...e the menu Spanning Tree STP Config Port Config to load the following page Enable the spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as default se...

Страница 277: ...MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Figure 5 16 Configuring the VLAN Instance Mapping 4 Choose the menu Spanni...

Страница 278: ...Priority of Switch C in Instance 2 5 Choose the menu Spanning Tree STP Instance STP Config to load the following page Enable MSTP function globally here we leave the values of the other global parame...

Страница 279: ...on name as 1 the revision number as 100 map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Switch config spanning tree mst configuration Switch config mst name 1 Switch config mst rev...

Страница 280: ...vlan 101 103 Switch config mst instance 2 vlan 104 106 Switch config mst exit Switch config spanning tree mst instance 1 priority 0 3 Configure the spanning tree mode as MSTP then enable spanning tre...

Страница 281: ...e mode as MSTP then enable spanning tree function globally Switch config spanning tree mode mstp Switch config spanning tree Switch config end Switch copy running config startup config Verify the Conf...

Страница 282: ...MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Internal Cost 200000 Root Port 2 Designated Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local Bridge Priority 32768 Address 00 0a eb 13...

Страница 283: ...Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Addres...

Страница 284: ...200000 Root Port 2 Designated Bridge Priority 0 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128...

Страница 285: ...tion Guide 262 Configuring Spanning Tree Configuration Example for MSTP Local Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000...

Страница 286: ...Default Setting Spanning tree Disable Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds TxHoldCount 5 pps Max Hops 20 hops Table 6 2 Default Settings of the...

Страница 287: ...Configuration Guide 264 Configuring Spanning Tree Appendix Default Parameters Parameter Default Setting Port Priority 128 Path Cost Auto...

Страница 288: ...iguring Layer 2 Multicast CHAPTERS 1 Layer 2 Multicast 2 IGMP Snooping Configurations 3 Configuring MLD Snooping 4 Viewing Multicast Snooping Configurations 5 Configuration Examples 6 Appendix Default...

Страница 289: ...oint to multipoint network multicast technology not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information pr...

Страница 290: ...ast packets 1 2 Supported Layer 2 Multicast Protocols Layer 2 Multicast protocol for IPv4 IGMP Snooping On the Layer 2 device IGMP Snooping transmits data on demand on data link layer by analyzing IGM...

Страница 291: ...the following page Figure 2 1 IGMP Snooping Global Config Enabling IGMP Snooping Globally Before configuring functions related to IGMP Snooping enable IGMP Snooping globally first 1 Select Enable to...

Страница 292: ...eport message to Layer 3 devices and suppress subsequent IGMP report messages from the same multicast group during one query interval which reduces the number of IGMP packets 2 Click Apply Configuring...

Страница 293: ...an IGMP leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port rece...

Страница 294: ...port 1 Select the port to be configured and select Enable under the IGMP Snooping column 2 Click Apply Optional Configuring Fast Leave With Fast Leave enabled on a port the switch will remove this po...

Страница 295: ...ring IGMP Snooping in the VLAN Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Figure 2 3 IGMP Snooping in VLAN Configuring IGMP Snooping Globally in the VLAN In the VLA...

Страница 296: ...VLAN 1 Configure the router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Static Router Ports Select one or more ports to be the static router ports in the VLAN All multicast d...

Страница 297: ...figuring 802 1Q VLAN 2 Enable Multicast VLAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multica...

Страница 298: ...w source IP address The switch will replace the source IP in the IGMP multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicas...

Страница 299: ...gure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier...

Страница 300: ...to create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mo...

Страница 301: ...er ports to join specific multicast groups Deny similar to a blacklist means that the switch disallows specific member ports to join specific multicast groups Start IP Specify the Start IP of the mult...

Страница 302: ...t the port to be bound Port Displays the port number Profile ID Enter the profile ID you create to bind the profile to the port One port can only be bound to one profile ClearBinding Click to clear th...

Страница 303: ...group Drop Drop all subsequent membership report messages and the port will not join any new multicast groups Replace Replace the existing multicast group owning the lowest multicast MAC address with...

Страница 304: ...led enter the interval between each refresh The valid values are from 3 to 300 seconds 2 Click Apply Viewing IGMP Statistics The IGMP Statistics table displays all kinds of IGMP statistics of all the...

Страница 305: ...ng 2 Click Apply Configuring IGMP Authentication on the Port To use this function you should also enable AAA globally and configure RADIUS server on the switch Follow these steps to enable IGMP Authen...

Страница 306: ...t the static member is in VLAN ID Specify the VLAN that the static member is in Forward Port Specify one or more ports to be the static member port in the multicast group Without aging the static memb...

Страница 307: ...tep 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel port channel id range...

Страница 308: ...fig startup config 2 2 3 Configuring IGMP Snooping Parameters Globally Configuring Report Message Suppression Step 1 configure Enter global configuration mode Step 2 ip igmp snooping report suppressio...

Страница 309: ...tication Accounting Disable Enable Port Enable VLAN Switch config if end Switch copy running config startup config Configuring Unknown Multicast Step 1 configure Enter global configuration mode Step 2...

Страница 310: ...w ip igmp snooping IGMP Snooping Enable Unknown Multicast Discard Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Globa...

Страница 311: ...me 200 Switch config ip igmp snooping mtime 200 Switch config show ip igmp snooping IGMP Snooping Enable Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 200 Glob...

Страница 312: ...in the configuration file The following example shows how to enable Fast Leave on port 1 0 3 Switch configure Switch config ip igmp snooping Switch config interface gigabitEternet 1 0 3 Switch config...

Страница 313: ...n the specified port s or of all the ports Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows h...

Страница 314: ...copy running config startup config Save the settings in the configuration file The following example shows how to configure the last listener query count as 5 and the last listener query interval as...

Страница 315: ...an vlan id Show the basic IGMP snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration f...

Страница 316: ...orts in the specified VLAN Step 3 show ip igmp snooping vlan vlan id Show the basic IGMP snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running conf...

Страница 317: ...onfiguration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to en...

Страница 318: ...the static IGMP snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how...

Страница 319: ...C mode Step 4 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN set the router port time as 500 s...

Страница 320: ...copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and set port 1 0 5 as the static router port Sw...

Страница 321: ...tep 5 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and set port 1 0 6 as the forbidden route...

Страница 322: ...fig startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and replace the source IP in the IGMP packets sent by the switc...

Страница 323: ...igmp snooping querier VLAN 4 Maximum Response Time 10 Query Interval 60 General Query Source IP 192 168 0 1 Switch config end Switch copy running config startup config Configuring Query Interval Max R...

Страница 324: ...ral query source IP as 192 168 0 1 Switch configure Switch config ip igmp snooping Switch config ip igmp snooping querier vlan 4 query interval 100 Switch config ip igmp snooping querier vlan 4 max re...

Страница 325: ...ctively Step 5 show ip igmp profile id Show the detailed IGMP profile configuration Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configu...

Страница 326: ...copy running config startup config Save the settings in the configuration file The following example shows how to bind Profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to 226 0...

Страница 327: ...ooping interface gigabitEthernet port authentication Show the IGMP authentication status of the specified port or of all the ports Step 6 end Return to privileged EXEC mode Step 5 copy running config...

Страница 328: ...Step 1 configure Enter global configuration mode Step 2 ip igmp snooping accounting Enable IGMP Accounting globally Step 3 show ip igmp snooping Show the global IGMP snooping configuration Step 4 end...

Страница 329: ...fig Figure 3 1 MLD Snooping Global Config Enabling MLD Snooping Globally Before configuring functions related to MLD Snooping enable MLD Snooping globally first 1 Select Enable to enable MLD Snooping...

Страница 330: ...yer 3 devices and suppress subsequent MLD report messages from the same multicast group during one query interval which reduces the number of MLD packets 2 Click Apply Configuring Router Port Time and...

Страница 331: ...an MLD leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port receiv...

Страница 332: ...ort 1 Select the port to be configured and select Enable under the MLD Snooping column 2 Click Apply Optional Configuring Fast Leave With Fast Leave enabled on a port the switch will remove this port...

Страница 333: ...uring MLD Snooping in the VLAN Choose the menu Multicast MLD Snooping VLAN Config to load the following page Figure 3 3 MLD Snooping in VLAN Configuring MLD Snooping Globally in the VLAN In the VLAN C...

Страница 334: ...N 1 Configure the router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Static Router Ports Select one or more ports to be the static router ports in the VLAN All multicast data...

Страница 335: ...guring 802 1Q VLAN 2 Enable Multicast VLAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multicast...

Страница 336: ...source IP address The switch will replace the source IP in the MLD multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicast V...

Страница 337: ...ure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier T...

Страница 338: ...create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mode...

Страница 339: ...s to edit profile mode and its IP range 1 Click Edit in the MLD Profile Info table Edit its IP range and click Add to save the settings Figure 3 7 Add IP range 2 In the IP range Table you can select a...

Страница 340: ...g to load the following page Figure 3 8 Profile Binding Binding Profile and Member Ports Follow these steps to bind the profile to the port 1 Select the port to be bound and enter the Profile ID in th...

Страница 341: ...rt to be configured Max Group Enter the number of multicast groups the port can join The valid values are from 0 to 1000 Overflow Action Select the action towards the new multicast group when the numb...

Страница 342: ...figuring Auto Refresh Follow these steps to configure auto refresh 1 Enable or disable Auto Refresh Auto Refresh If Auto Refresh is enabled statistics of MLD packets on this page will refresh automati...

Страница 343: ...1 Enter the Multicast IP and VLAN ID Specify the Static Member Port Multicast IP Specify the multicast group that the static member is in VLAN ID Specify the VLAN that the static member is in Forward...

Страница 344: ...ter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port c...

Страница 345: ...ssion Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping report suppression Enable Report Message Suppression globally If this function is enabled the switch will only forward t...

Страница 346: ...drop unknown Configure the way how the switch processes the multicast data from unknown multicast groups as Discard Unknown multicast groups are multicast groups whose destination multicast address i...

Страница 347: ...MLD Snooping Parameters on the Port Configuring Router Port Time and Member Port Time Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping rtime rtime ipv6 mld snooping mtime mtim...

Страница 348: ...rt list gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port channel list Enter interface configuration mode Step 3 ipv6 mld snooping immediate leav...

Страница 349: ...gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port channel list Enter interface configuration mode Step 3 ipv6 mld snooping max groups maxgroup E...

Страница 350: ...ace gigabitEthernet 1 0 3 max groups Port Max Groups Overflow Action Gi1 0 3 500 Drop Switch config if end Switch copy running config startup config 3 2 5 Configuring MLD Snooping Last Listener Query...

Страница 351: ...l Router Age Time 300 Global Report Suppression Disable Enable Port Enable VLAN Switch config end Switch copy running config startup config 3 2 6 Configuring MLD Snooping Parameters in the VLAN Config...

Страница 352: ...2 3 mtime 400 Switch config show ipv6 mld snooping vlan 2 Vlan Id 2 Router Time 500 Member Time 400 Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config show ipv6...

Страница 353: ...port interface gigabitEthernet 1 0 2 Switch config show ipv6 mld snooping vlan 2 Vlan Id 2 Router Time 0 Member Time 0 Static Router Port Gi1 0 2 Dynamic Router Port None Forbidden Router Port None Sw...

Страница 354: ...r Time 0 Member Time 0 Static Router Port None Dynamic Router Port None Forbidden Router Port Gi1 0 4 6 Switch config end Switch copy running config startup config Configuring Static Multicast Multica...

Страница 355: ...nd Switch copy running config startup config 3 2 7 Configuring MLD Snooping Parameters in the Multicast VLAN Configuring Router Port Time and Member Port Time Step 1 configure Enter global configurati...

Страница 356: ...lace Source IP Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config end Switch copy running config startup config Configuring Static Router Port Step 1 configure E...

Страница 357: ...outer Port None Forbidden Router Port None Switch config end Switch copy running config startup config Configuring Forbidden Router Port Step 1 configure Enter global configuration mode Step 2 ipv6 ml...

Страница 358: ...t None Dynamic Router Port None Forbidden Router Port Gi1 0 6 Switch config end Switch copy running config startup config Configuring Replace Source IP Step 1 configure Enter global configuration mode...

Страница 359: ...cast Vlan Enable Vlan Id 5 Router Time 300 Member Time 260 Replace Source IP fe80 2ff ffff fe00 1 Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config end Switch c...

Страница 360: ...response time general query source ip ip addr vlan id specifies the VLAN where the querier is interval is the interval between general query messages sent by the querier response time is the host s ma...

Страница 361: ...config startup config 3 2 9 Configuring Multicast Filtering Creating Profile Step 1 configure Enter global configuration mode Step 2 ipv6 mld profile id Create a new profile and enter profile configu...

Страница 362: ...234 8 Switch config mld profile show ipv6 mld profile MLD Profile 1 deny range ff01 1234 5 ff01 1234 8 Switch config end Switch copy running config startup config Binding Profile to the Port Step 1 co...

Страница 363: ...mld snooping Switch config ipv6 mld profile 1 Switch config mld profile deny Switch config mld profile range ff01 1234 5 ff01 1234 8 Switch config mld profile exit Switch config interface gigabitEthe...

Страница 364: ...ticast Multicast Table IPv4 Multicast Table to view all valid Multicast IP VLAN Port entries Figure 4 1 IPv4 Multicast Table Search Option Search Option Search for specific multicast entries by using...

Страница 365: ...tat Displays settings of IGMP Snooping on the port s port port list specifies the port s to display basic config max groups packet stat displays the related IGMP configuration information show ip igmp...

Страница 366: ...tics of all IGMP packets 4 2 2 Viewing IPv6 Multicast Snooping Configurations show ipv6 mld snooping Displays global settings of MLD Snooping show ipv6 mld snooping interface fastEthernet port port li...

Страница 367: ...dynamic displays information of all dynamic multicast groups dynamic count displays the number of dynamic multicast groups static displays information of all static multicast groups static count displ...

Страница 368: ...n in the following topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 5 1 Netw...

Страница 369: ...he GUI and using the CLI 5 1 3 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Route...

Страница 370: ...Configuration Guide 347 Figure 5 3 Enable IGMP Snooping on the Ports 3 Choose the menu VLAN 802 1Q VLAN VLAN Config to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged...

Страница 371: ...to load the following page Configure the PVID of port 1 0 1 4 as 10 Figure 5 5 Create VLAN and Add Member Ports 5 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable...

Страница 372: ...ping on port 1 0 1 4 Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch config vlan 10 Switch config vlan...

Страница 373: ...in VLAN 10 Switch config ip igmp snooping vlan config 10 7 Save the settings Switch config end Switch copy running config startup config Verify the Configurations Show members in the VLAN Switch confi...

Страница 374: ...roup 225 1 1 1 5 2 2 Configuration Scheme Create a multicast VLAN and add the router port and ports connected to multicast members to the multicast VLAN In this case all multicast data will only be pr...

Страница 375: ...40 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1600G 52TS this section provides configuration procedures in two ways using the GUI and using the CLI 5 2 4 Using the GUI 1 Choose...

Страница 376: ...Examples Configuration Guide 353 Figure 5 8 Configure IGMP Snooping Globally 2 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping on port 1 0 1 4...

Страница 377: ...1Q VLAN VLAN Config to load the following page Create VLAN 40 and add Untagged port 1 0 1 4 to VLAN 40 Figure 5 10 Configure Link Type 4 Choose the menu VLAN 802 1Q VLAN Port Config to load the follo...

Страница 378: ...ticast VLAN to load the following page Enable Multicast VLAN and configure VLAN 40 as the multicast VLAN Keep Router Port Time and Member Port Time as 0 Figure 5 12 Create Multicast VLAN 6 Click Save...

Страница 379: ...al allowed vlan 10 untagged Switch config if range exit Switch config interface gigabitEthernet 1 0 4 Switch config if switchport general allowed vlan 10 tagged Switch config if exit 5 Set the PVID of...

Страница 380: ...val 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Accounting Disable Enable Port Gi1 0 1 4 Enable VLAN Multicast VLAN 10 5 3 Example f...

Страница 381: ...o avoid Host B from receiving irrelevant multicast data the user can enable Fast Leave on port 1 0 2 and enable Unknown Multicast globally To change channel Host B sends a leave message about leaving...

Страница 382: ...ng and MLD Snooping share the setting of Unknown Multicast so you have to enable MLD Snooping globally on the Multicast MLD Snooping Snooping Config page at the same time 2 Choose the menu Multicast I...

Страница 383: ...r 2 Multicast Configuration Examples Figure 5 15 Configure IGMP Snooping Globally 3 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable IGMP Snooping in VLAN 10 Figur...

Страница 384: ...igabitEthernet 1 0 2 Switch config if ip igmp snooping Switch config if ip igmp snooping immediate leave Switch config if exit Switch config interface gigabitEthernet 1 0 4 Switch config if ip igmp sn...

Страница 385: ...t D only receive multicast data sent to 225 0 0 1 while Host B receives all multicast data except the one sent from 225 0 0 2 5 4 2 Configuration Scheme With the functions for managing multicast group...

Страница 386: ...AN 10 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1600G 52TS this section provides configuration procedures in two ways using the GUI and using the CLI 5 4 4 Using the GUI 1 Choo...

Страница 387: ...nfiguring Layer 2 Multicast Configuration Examples Figure 5 18 Configure IGMP Snooping Globally 2 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Figure 5 19 Enable...

Страница 388: ...e menu VLAN 802 1Q VLAN VLAN Config to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged port 1 0 4 to VLAN 10 Figure 5 20 Configure Link Type 4 Choose the menu VLAN 802...

Страница 389: ...n Examples Figure 5 21 Create VLAN and Add Member Ports 5 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable IGMP Snooping in VLAN 10 Keep 0 as the Router Port Time...

Страница 390: ...6 Specify the multicast data that Host C and Host D can receive a Choose the menu Multicast IGMP Snooping Profile Config to load the following page Create Profile 1 select Permit as the Mode and clic...

Страница 391: ...the following page Select port 1 0 2 and port 1 0 3 enter 1 in the Profile ID field and click Apply to bind Profile 1 to these ports Figure 5 25 Bind Profile 1 to Port 1 0 2 and Port 1 0 3 7 Specify...

Страница 392: ...ollowing page In the IGMP Profile Info table click Edit in the Profile 2 entry enter 225 0 0 2 in both Start IP and End IP fields and click Add Figure 5 27 Edit Add IP range in Profile 2 c Choose the...

Страница 393: ...igmp snooping 2 Enable IGMP Snooping on port 1 0 1 4 Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch c...

Страница 394: ...mode as permit and add an IP range with both start IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config igmp profile permit Switch config igmp profile range 225 0 0 1 225 0 0 1...

Страница 395: ...g IGMP Snooping Enable Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Acc...

Страница 396: ...0 seconds Last Listener Query Interval 1 second Last Listener Query Count 2 IGMP Snooping Settings on the Port IGMP Snooping Disabled Fast Leave Disabled IGMP Snooping Settings in the VLAN Enable or N...

Страница 397: ...of IGMP Snooping MLD Snooping Disabled Unknown Multicast Forward Report Message Suppression Disabled Router Port Time 300 seconds Member Port Time 260 seconds Last Listener Query Interval 1 second Las...

Страница 398: ...endix Default Parameters Configuration Guide 375 Function Parameter Default Setting IGMP Snooping Querier Enable or Not Disabled Query Interval 60 seconds Max Response Time 10 seconds General Query So...

Страница 399: ...Part 12 Configuring Logical Interfaces CHAPTERS 1 Overview 2 Logical Interfaces Configurations 3 Appendix Default Parameters...

Страница 400: ...o not physically exist such as loopback interfaces and routing interfaces This chapter introduces the configurations for logical interfaces The supported types of logical interfaces are shown as below...

Страница 401: ...tion follow these steps 1 Create a Layer 3 interface 2 Configure IPv6 parameters of the created interface 3 View detailed information of the created interface 2 1 Using the GUI 2 1 1 Creating a Layer...

Страница 402: ...face s Layer 3 capabilities Interface Name Optional Enter the name of the interface 2 In the Interface List section you can view the corresponding interface entry you create 2 1 2 Configuring IPv4 Par...

Страница 403: ...Admin Status Enable or disable the interface s Layer 3 capabilities Interface Name Optional Enter the name of the interface 2 In the Secondary IP Create section configure the secondary IP for the spe...

Страница 404: ...the interface ID IPv6 Enable or disable IPv6 function on the interface of switch 2 Configure the IPv6 link local address of the interface manually or automatically in the Link local Address Config sec...

Страница 405: ...t message Via DHCPv6 Server Enable global address auto configuration via DHCPv6 Server With this option enabled the switch will try to obtain the global address from the DHCPv6 Server Manually Address...

Страница 406: ...bal address 2 1 4 Viewing Detail Information of the Interface In Figure 2 1 you can view the corresponding interface entry you create in the Interface List section On the corresponding interface entry...

Страница 407: ...rnet ports for example 1 0 1 3 1 0 5 no switchport Switch the Layer 2 port into the Layer 3 routed port Create a port channel interface interface range port channel port channel list port channel list...

Страница 408: ...n an IP Address for the interface ip address ip addr mask secondary Configure the IP address and subnet mask for the specified interface manually ip addr Specify thse IP address of the Layer 3 interfa...

Страница 409: ...uding fastEthernet gigabitEthernet ten gigabitEthernet loopback and VLAN interface number Number of the interface Step 3 ipv6 enable Enable the IPv6 function on the speicified Layer 3 interface By def...

Страница 410: ...pv6 addr eui 64 Specify a global IPv6 address with an extended unique identifier EUI in the low order 64 bits of the IPv6 address Specify only the network prefix the last 64 bits are automatically com...

Страница 411: ...s ICMP error messages limited to one every 1000 milliseconds ICMP redirects are enable MTU is 1500 bytes ND DAD is enable number of DAD attempts 1 ND retrans timer is 1000 milliseconds ND reachable ti...

Страница 412: ...ters of the Interface Parameter Default Setting Interface ID VLAN IP Address Mode None Admin Status Enable Recovery mode Auto Table 3 2 Configuring the IPv6 Parameters of the Interface Parameter Defau...

Страница 413: ...13 Configuring Static Routing CHAPTERS 1 Overview 2 IPv4 Static Routing Configuration 3 IPv6 Static Routing Configuration 4 Viewing Routing Table 5 Example for Static Routing 6 Appendix Default Param...

Страница 414: ...ng data packets to the specific destination On a simple network with a small number of devices you only need to configure static routes to ensure that the devices from different subnets can communicat...

Страница 415: ...address of the packets Subnet Mask Specify the subnet mask of the destination IPv4 address Next Hop Specify the IPv4 gateway address to which the packet should be sent next Distance Specify the admin...

Страница 416: ...cols have routes to the same destination only the route that has the shortest distance will be recorded in the IP routing table The valid values are from 1 to 255 and the default value is 1 Step 3 sho...

Страница 417: ...In the IPv6 Static Routing Config section configure corresponding parameters to add an IPv6 static route Then click Create IPv6 Address Specify the destination IPv6 address of the packets Prefix Lengt...

Страница 418: ...strative distance which is a rating of the trustworthiness of the routing information A higher value means a lower trust rating When more than one routing protocols have routes to the same destination...

Страница 419: ...Configuration Guide 396 Configuring Static Routing IPv6 Static Routing Configuration Switch config end Switch copy running config startup config...

Страница 420: ...n Summary section Protocol Displays the type of the route entry Destination Network Displays the destination IP address and subnet mask Next Hop Displays the IPv4 gateway address to which the packet s...

Страница 421: ...a rating of the trustworthiness of a routing information A higher value means a lower trust rating When more than one routing protocols have routes to the same destination only the route which has th...

Страница 422: ...EC mode or any other configuration mode you can use the following command to view IPv6 routing table show ipv6 route static connected View the IPv6 route entries of the specified type If not specified...

Страница 423: ...A as 10 1 1 1 24 the default gateway of host B as 10 1 2 1 24 and configure IPv4 static routes on Switch A and Switch B so that hosts on different network segments can communicate with each other Demo...

Страница 424: ...the subnet mask as 255 255 255 0 and the next hop as 10 1 10 2 For switch B add a static route entry with the destination as 10 1 1 0 the subnet mask as 255 255 255 0 and the next hop as 10 1 10 1 Fig...

Страница 425: ...he destination as 10 1 2 0 the subnet mask as 255 255 255 0 and the next hop as 10 1 10 2 For switch B add a static route entry with the destination as 10 1 1 0 the subnet mask as 255 255 255 0 and th...

Страница 426: ...h B Run the ping command on switch A to verify the connectivity Switch_A ping 10 1 2 1 Pinging 10 1 2 1 with 64 bytes of data Reply from 10 1 2 1 bytes 64 time 16ms TTL 64 Reply from 10 1 2 1 bytes 64...

Страница 427: ...guring Static Routing Appendix Default Parameter 6 Appendix Default Parameter Default setting of static routing is listed in the following table Table 6 1 Configuring Static Routing Parameter Default...

Страница 428: ...Part 14 Configuring DHCP CHAPTERS 1 DHCP 2 DHCP Client Configuration 3 DHCP Relay Configuration 4 Configuration Examples 5 Appendix Default Parameters...

Страница 429: ...ement As the following figure shows the switch acts as a DHCP client and dynamically obtain IP address from the DHCP server Figure 1 1 Application Scenario of DHCP Client Switch DHCP Client DHCP Serve...

Страница 430: ...192 168 2 1 24 and for the routed port Gi1 0 1 is 192 168 3 1 24 With DHCP Interface VLAN configured the switch uses IP address of VLAN 20 192 168 2 1 24 when applying for IP addresses for clients in...

Страница 431: ...dresses for clients in both VLAN 10 and VLAN 20 As a result the DHCP server will assign IP addresses on 192 168 2 0 24 the same subnet with the IP address of the default agent interface to clients in...

Страница 432: ...Select DHCP or BOOTP as the IP Address Mode Set the Admin Status as Enable and enter the Interface Name optional Interface ID Select an interface type and enter the ID of the interface If you select...

Страница 433: ...port channel pid Specify the ID of the port channel Step 3 ip address alloc dhcp bootp Enable DHCP or BOOTP IP address mode dhcp The specified Layer 3 interface can request the DHCP server to dynamic...

Страница 434: ...e gigabitEthernet 1 0 5 Switch config if no switchport Switch config if ip address alloc dhcp Switch config if show ip interface brief Interface IP Address Method Status Protocol Shutdown Gi1 0 5 192...

Страница 435: ...page Figure 3 1 Enable DHCP Relay and Configure Option 82 Follow these steps to enable DHCP Relay and configure Option 82 1 In the Global Config section enable DHCP Relay 2 Optional In the Option 82...

Страница 436: ...4 characters The circuit ID configurations of the switch and the DHCP server should be compatible with each other Remote ID Enter the customized remote ID which contains up to 64 characters The remote...

Страница 437: ...erface that needs to be configured as the default relay agent interface Then click Apply Interface ID Specify the type and ID of the interface that needs to be configured as the default relay agent in...

Страница 438: ...to enable DHCP Relay Step 1 configure Enter global configuration mode Step 2 service dhcp relay Enable DHCP Relay Step 3 show ip dhcp relay Verify the configuration of DHCP Relay Step 4 end Return to...

Страница 439: ...formation circuit id circuit id If the Customization feature is enabled specify the circuit ID circuit id Specify the circuit ID with 1 to 63 characters including digits English letters and underlines...

Страница 440: ...lobal configuration mode Step 2 Enter Layer 3 interface configuration mode interface vlan vid Enter VLAN interface configuration mode vid Specify the ID of the VLAN that will be configured as a DHCP r...

Страница 441: ...n VLAN interface 66 Switch configure Switch config interface vlan 66 Switch config if ip helper address 192 168 1 7 Switch config if show ip dhcp relay DHCP relay helper address is configured on the f...

Страница 442: ...el lagid Enter Port channel configuration mode lagid Specify the ID of the LAG that will be configured as the default relay agent interface Step 3 ip dhcp relay default interface Set the interface as...

Страница 443: ...1 8 on VLAN 10 Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dhcp relay vlan 10 helper address...

Страница 444: ...ool The network topology is as the following figure shows Computers in the marketing department belong to VLAN 10 which is connected to the switch via port 1 0 8 The interface address of VLAN 10 is 19...

Страница 445: ...lay and add DHCP server address to each VLAN When these configurations are finished the DHCP server can assign IP addresses to computers in the two departments with each department on one subnet Demon...

Страница 446: ...ce Relay 1 Enable DHCP Relay Switch configure Switch config service dhcp relay 2 Specify the DHCP server for the interface VLAN 10 Switch config interface vlan 10 Switch config if ip helper address 19...

Страница 447: ...tion Guide 424 Configuring DHCP Configuration Examples DHCP relay is enabled DHCP relay helper address is configured on the following interfaces Interface Helper address VLAN10 192 168 0 59 VLAN20 192...

Страница 448: ...Setting DHCP Relay DHCP Relay Disable Option 82 Support Disable Existed Option 82 field Keep Customization Disable Circuit ID None Remote ID None DHCP Interface Relay Interface ID None Server Address...

Страница 449: ...Part 15 Configuring ARP CHAPTERS 1 Overview 2 ARP Configurations...

Страница 450: ...ide 427 1 Overview ARP Address Resolution Protocol is used to map IP addresses to MAC addresses Taking an IP address as input ARP learns the associated MAC address and stores the IP MAC address associ...

Страница 451: ...will be deleted after aging time Static Entry Added manually and will be remained unless modified or deleted manually Choose the menu Routing ARP ARP Table to load the following page Figure 2 1 Viewin...

Страница 452: ...add static ARP Entries In the ARP Config section enter the IP address and MAC address and click Create IP address Specify the IP address MAC address Specify the MAC address 2 2 Using the CLI 2 2 1 Con...

Страница 453: ...rp 192 168 0 1 00 11 22 33 44 55 arpa Switch config show arp 192 168 0 1 Interface Address Hardware Addr Type Vlan1 192 168 0 1 00 11 22 33 44 55 STATIC Switch config end Switch copy running config st...

Страница 454: ...for VLAN interface 2 Switch configure Switch config interface vlan 2 Switch config if arp timeout 1000 Switch config if end Switch copy running config startup config Clearing dynamic entries Step 1 e...

Страница 455: ...nfigurations show ip arp gigabitEthernet port port channel lagid vlan id Verify the active ARP entries associated with a Layer 3 interface port Specify the number of the routed port lagid Specify the...

Страница 456: ...Part 16 Configuring QoS CHAPTERS 1 QoS 2 DiffServ Configuration 3 Bandwidth Control Configuration 4 Configuration Example 5 Appendix Default Parameters...

Страница 457: ...k performance and bandwidth utilization DiffServ The switch classifies the ingress packets maps the packets to different priority queues and then forwards the packets according to specified scheduling...

Страница 458: ...Priority DSCP priority determines the priority of packets based on the ToS Type of Service field in their IP header RFC2474 re defines the ToS field in the IP packet header as DS field The first six b...

Страница 459: ...P Priority to load the following page Figure 2 1 802 1P CoS Mapping Follow these steps to configure the 802 1P Priority 1 Enable 802 1P Priority and click Apply 802 1P Priority Enable the 802 1P Prior...

Страница 460: ...a TC queue that you want the Tag id or CoS id to be mapped to The switch supports 8 TC queues from TC0 for the lowest priority to TC 7 for the highest priority 3 Click Apply Configuring DSCP Priority...

Страница 461: ...ge may indicate the DSCP value included in the packets or the redefined DSCP value by the ACL Remark feature Priority Select a CoS that the DSCP priority will be mapped to The packets are firstly mapp...

Страница 462: ...the port will be mapped to The packets are firstly mapped to CoS then to TC queues according to the CoS id TC mapping relations LAG Displays the aggregation group which the port is in 2 Click Apply No...

Страница 463: ...atio of TC0 to TC7 is 1 2 4 127 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode the switch provides two scheduling groups SP group and WRR group When scheduling queues the switch allo...

Страница 464: ...ect feature the switch maps all the packets that meet the configured ACL rules to the new TC queue regardless of the mapping relations configured in this section 2 2 Using CLI 2 2 1 Configuring Priori...

Страница 465: ...e following example shows how to map CoS2 to TC0 and keep other CoS id TC as default Switch configure Switch config qos queue cos map 2 0 Switch config show qos status 802 1p priority is enabled DSCP...

Страница 466: ...stly mapped to CoS then to TC queues according to the CoS id TC mapping relations dscp list Enter one or more DSCP values which range from 0 to 63 Enter the multiple values in the format of 1 3 5 7 co...

Страница 467: ...1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel lagid range port channel...

Страница 468: ...the settings in the configuration file Note All the ports in the same LAG should be assigned with the same port priority The following example shows how to map port 1 3 to TC1 and keep other mapping r...

Страница 469: ...ually The weight value ratio of all the queues is 1 1 1 1 It is the default schedule mode Step 3 qos queue weight tc id weight value Optional Configure the weight value of each queue after the Schedul...

Страница 470: ...le mode as WRR with the weight values of TC0 to TC7 as 4 7 10 13 16 19 22 25 Switch configure Switch config qos queue mode wrr Switch config qos queue weight 0 4 Switch config qos queue weight 1 7 Swi...

Страница 471: ...each port to avoid network broadcast storm by configuring the Storm Control function 3 1 Using the GUI 3 1 1 Configuring Rate Limit Choose the menu QoS Bandwidth Control Rate Limit to load the follow...

Страница 472: ...ntrol to load the following page Figure 3 2 Storm Control Follow these steps to configure the Storm Control function 1 Select the port s and configure the upper rate limit for forwarding broadcast pac...

Страница 473: ...Specify the upper rate limit in kilo bits per second which ranges from 1 to 1000000 kbps This mode is invalid if PPS is enabled ratio Specify the upper rate limit as a percentage of the bandwidth whic...

Страница 474: ...ant to configure Step 3 bandwidth ingress ingress rate egress egress rate Configure the upper rate limit for the port to receive and send packets ingress rate Configure the upper rate limit for receiv...

Страница 475: ...Control Configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames Step 1 configure Enter global configuration mode Step 2 interface fast...

Страница 476: ...pps mode is disabled on the port storm control broadcast multicast unicast kbps ratio rate broadcast multicast unicast Enable broadcast packets rate limit multicast packets rate limit or unknown unica...

Страница 477: ...rol interface gigabitEthernet 1 0 5 Port BcRate Mcate UlRate LAG Gi1 0 5 pps 148800 pps 0 pps 0 N A Switch config if end Switch copy running config startup config The following example shows how to co...

Страница 478: ...ffic from the Admin is completely forwarded will the traffic from Host A be forwarded The figure below shows the network topology Figure 4 1 QoS Application Topology Server Gi1 0 3 Gi1 0 1 Gi1 0 2 Swi...

Страница 479: ...load the following page and check the corresponding CoS id of TC0 and TC1 Figure 4 2 CoS TC Mapping relations 2 Choose QoS DiffServ Port Priority to load the following page and set the priority for p...

Страница 480: ...e settings 4 4 Using the CLI 1 Check the corresponding CoS id of TC0 and TC1 Switch show qos cos map Tag 0 1 2 3 4 5 6 7 TC TC1 TC0 TC2 TC3 TC4 TC5 TC6 TC7 2 Set the priority for port 1 0 1 to CoS 0 m...

Страница 481: ...ttings Switch config qos queue mode sp Switch config exit Switch copy running config startup config Verify the configuration Verify the port CoS mapping Switch config show qos interface Port CoS Value...

Страница 482: ...Tag id CoS id TC mapping relations For other switches it is enabled See Table 5 2 for Tag id CoS id TC mapping relations DSCP Priority Disabled For T1600G 18TS see Table 5 4 for DSCP TC mapping relat...

Страница 483: ...ters DSCP CoS id 56 63 CoS 7 Table 5 4 DSCP TC Mapping DSCP TC Queues 8 0 7 TC0 8 15 TC1 16 23 TC2 24 31 TC3 32 39 TC4 40 47 TC5 48 55 TC6 56 63 TC7 Bandwidth Control Table 5 5 Bandwidth Control Param...

Страница 484: ...Part 17 Configuring Voice VLAN CHAPTERS 1 Overview 2 Voice VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 485: ...mode is applicable when the switch port forwards voice traffic only You manually add ports connecting IP phones to the voice VLAN then the switch will apply priority rules to ensure the high priority...

Страница 486: ...r a packet is a voice packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If...

Страница 487: ...hoose the mode according to your needs and configure the port as the following table shows Table 2 1 Voice VLAN mode and Link Type of the Port Traffic on One Port Voice Traffic Type Suggested Mode Sug...

Страница 488: ...page Figure 2 1 Configuring OUI Addresses Follow these steps to add OUI addresses 1 Enter an OUI address and the corresponding mask and give a description about the OUI address OUI Enter the OUI addr...

Страница 489: ...or the voice VLAN Aging Time Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet Aging time works only for ports in automatic voice VLAN mode The ra...

Страница 490: ...ports to the voice VLAN Auto When a port receives a voice packet whose resource MAC address matches an OUI address the switch automatically adds the port to the voice VLAN If you choose the Auto mode...

Страница 491: ...ce VLAN If necessary make sure the security mode is disabled 3 Click Apply 2 2 Using the CLI Follow these steps to configure the voice VLAN Step 1 configure Enter global configuration mode Step 2 show...

Страница 492: ...specified ports to the voice VLAN when the ports receive voice packets If you choose the auto mode for the specified ports make sure traffic from your voice device is tagged manual You need to manuall...

Страница 493: ...fig vlan 10 Switch config vlan name VoiceVLAN Switch config vlan exit Switch config voice vlan priority 5 Switch config voice vlan 10 Switch config interface gigabitEthernet 1 0 1 Switch config if swi...

Страница 494: ...nd traffic with the voice VLAN tag Voice traffic is transmitted in the voice VLAN and data traffic is transmitted in the default VLAN Set ports that are connected to IP phones in automatic voice VLAN...

Страница 495: ...0 Switch B Gi1 0 2 Gi1 0 1 Gi1 0 1 Switch C Switch A Gi1 0 2 Gi1 0 3 Gi1 0 4 PC 20 Meeting Room Gi1 0 1 Gi1 0 2 Gi1 0 3 IP Phone 10 PC 10 Office Area Demonstrated with T1600G 28TS this chapter provide...

Страница 496: ...3 3 Configuring Voice VLAN Globally 3 Choose the menu QoS Voice VLAN Port Config to load the following page Select port 1 0 1 choose auto mode and enable security mode Select port 1 0 2 and choose ma...

Страница 497: ...Configuring Voice VLAN Configuration Example Figure 3 5 Configuring Voice VLAN Mode on Port 1 0 2 4 Choose the menu VLAN 802 1Q VLAN VLAN Config and edit VLAN 10 to load the following page Add port 1...

Страница 498: ...0 2 to the Voice VLAN 5 Choose the menu LLDP Basic Config Global Config to load the following page Enable LLDP globally Figure 3 7 Enabling LLDP Globally 6 Choose the menu LLDP LLDP MED Global Config...

Страница 499: ...to load the following page Enable LLDP MED on port 1 0 1 Figure 3 9 Configuring LLDP MED on Ports Click Detail of port1 0 1 to load the following page Configure the TLV information which will be carri...

Страница 500: ...LLDP 8 Click Save Config to save the settings Configurations for Switch B 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 Figure 3 11 Creatin...

Страница 501: ...menu QoS Voice VLAN Port Config to load the following page Select ports 1 0 1 3 choose manual mode and enable security mode Click Apply Figure 3 13 Configuring Voice VLAN Mode on Ports 4 Choose the m...

Страница 502: ...e 3 14 Adding Ports to the Voice VLAN 5 Click Save Config to save the settings Configurations for Switch C 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Cr...

Страница 503: ...g vlan 10 Switch_A config vlan name VoiceVLAN Switch_A config vlan exit 2 Configure the aging time as 1440 minutes for port in automatic voice VLAN mode and set the 802 1p priority of voice packets as...

Страница 504: ...0 1 Switch_A config interface gigabitEthernet 1 0 1 Switch_A config if lldp med status 7 Select all MED TLVs to be carried in LLDP frames and sent out by port 1 0 1 Switch_A config if lldp med tlv se...

Страница 505: ...nge exit Switch_B config interface gigabitEthernet 1 0 3 Switch_B config if switchport general allowed vlan 10 tagged Switch_B config if end Switch_B copy running config startup config Configurations...

Страница 506: ...Auto Disabled Inactive N A Switch B Verify the global configuration of voice VLAN Switch_B show voice vlan Voice VLAN status Enabled VLAN ID 10 Aging Time 1440 Voice Priority 6 Verify the voice VLAN...

Страница 507: ...Configuration Guide 484 Configuring Voice VLAN Configuration Example VLAN Name Status Ports 10 VoiceVlan active Gi1 0 1 Gi1 0 2 Gi1 0...

Страница 508: ...Configuring Voice VLAN Configuration Guide 485...

Страница 509: ...Default Settings of Port Configuration Parameter Default Setting Port Mode Auto Security Mode Disable Member State Inactive Table 4 3 Entries in the OUI Table OUI MASK Description 00 01 e3 00 00 00 f...

Страница 510: ...Part 18 Configuring PoE CHAPTERS 1 PoE 2 PoE Power Management Configurations 3 Time Range Function Configurations 4 Example for PoE Configurations 5 Appendix Default Parameters...

Страница 511: ...power administration disconnect detection and optional power device power classification PSE Power sourcing equipment PSE is a device that provides power for PDs on the Ethernet for example the PoE s...

Страница 512: ...u can also set a profile with the desired parameters and bind the profile to the corresponding ports to quickly configure the PoE parameters 2 1 Using the GUI 2 1 1 Configuring the PoE Parameters Manu...

Страница 513: ...witch will allocate a value as the maximum power that the port can supply automatically Class1 The maximum power that the port can supply is 4W Class2 The maximum power that the port can supply is 7W...

Страница 514: ...iority level for the PoE profile The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensu...

Страница 515: ...ystem remaining power of the PoE switch 2 In the Port Config section select a profile and bind it to the corresponding ports Click Apply Port Select Specify the port number and click Select to quick s...

Страница 516: ...disable Specify the PoE status for the corresponding port enable disable Enable or disable the PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priori...

Страница 517: ...list of Ethernet ports in the format of 1 0 1 3 1 0 5 Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file The following ex...

Страница 518: ...rity level for the profile When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs power limit auto class1 class2...

Страница 519: ...6 Switch configure Switch config power profile profile1 supply enable priority middle consumption class2 Switch config show power profile Index Name Status Priority Power Limit w 1 profile1 Enable Mi...

Страница 520: ...urce We recommend that you use Network Time Protocol NTP to synchronize the switch clock For details refer to System Info Configurations in Managing System 3 1 Using the GUI 3 1 1 Creating a Time Rang...

Страница 521: ...ick Add When the Absolute mode is selected the following section will be shown Figure 3 2 Absolute Mode Type Select Absolute time to configure From Time Specify the starting time of the absolute mode...

Страница 522: ...ify the time Holiday Name Specify a name for the holiday time Start Date Specify the starting time of the holiday End Date Specify the ending time of the holiday 2 Click Apply 3 1 3 Viewing the Time R...

Страница 523: ...include Step 4 Use the following command to create a absolute time range absolute from start date to end date Specify the time range in absolute mode start date Specify the starting time of the time...

Страница 524: ...ed if the name is not specified Step 9 end Return to privileged EXEC mode Step 10 copy running config startup config Save the settings in the configuration file The following example shows how to crea...

Страница 525: ...s If the name contains spaces enclose the name in double quotes start date Specify the starting time of the holiday in the format of MM DD end date Specify the ending time of the holiday in the format...

Страница 526: ...ime range desired It ranges from 1 to 16 characters If the name contains spaces enclose the name in double quotes All PoE time range configurations will be displayed if the name is not specified The f...

Страница 527: ...ce time for example from 08 30 to 18 00 You can also set a holiday and make the time range settings not be affected on holiday Then apply the settings to port 1 0 3 and 1 0 4 Port 1 0 1 and 1 0 2 need...

Страница 528: ...Time Range Holiday Config to load the following page Specify a name for the holiday and set the starting date and ending date Figure 4 3 Configure the Holiday 3 Choose the menu PoE PoE Config PoE Con...

Страница 529: ...day exclude Switch_A config time range periodic start 08 30 end 23 00 day of the week 1 5 Switch_A config time range exit 2 Create a holiday Switch_A config power holiday Christmas start date 12 22 en...

Страница 530: ...ation of the time range Switch_A config show power time range Time range entry office time Active holiday exclude number of absolute time 0 01 01 2000 00 00 to 12 31 2099 24 00 by default number of pe...

Страница 531: ...Time Range No Limit PoE Profile None Table 5 2 Default Settings of PoE Profile Parameter Default Setting Profile Name None PoE Status Enable PoE Priority High Power Limit Auto Table 5 3 Default Setti...

Страница 532: ...Part 19 Configuring ACL CHAPTERS 1 ACL 2 ACL Configurations 3 Configuration Example for ACL 4 Appendix Default Parameters...

Страница 533: ...nsures security and high service quality of networks ACL helps to Prevent various network attacks such as attacks caused by IP Internet Protocol and TCP Transmission Control Protocol Manage network ac...

Страница 534: ...s permit or deny If no ACL rule is configured or no matching rule is found the packets will be forwarded without being processed by the ACL 2 1 Using the GUI 2 1 1 Creating an ACL You can create diffe...

Страница 535: ...2 Configuring ACL Rules Add rules to the ACL For details refer to Configuring the MAC ACL Rule Configuring the Standard IP ACL Rule Configuring the Extend IP ACL Rule and Configuring the IPv6 ACL Rule...

Страница 536: ...corresponding bit in the address will be matched D MAC Mask Enter the destination IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be matched 3...

Страница 537: ...sponding bit in the address will be matched 3 Click Apply Configuring the Extend IP ACL Rule Choose the menu ACL ACL Config Extend IP ACL to load the following page Figure 2 4 Creating the Extend IP A...

Страница 538: ...fault is All which indicates that packets of all protocols will be matched S Port D Port Enter the TCP UDP source and destination port if TCP UDP protocol is selected The port number ranges from 0 to...

Страница 539: ...ion IPv6 address with a mask D IP Enter the destination IPv6 address to be matched All types of IPv6 address will be checked You may enter a complete 128 bit IPv6 address but only the first 64 bits wi...

Страница 540: ...cy Creating a Policy Choose th menu ACL Policy Config Policy Create to load the following page Figure 2 7 Creating a Policy Follow these steps to create a policy Enter a Policy Name and click Apply Po...

Страница 541: ...according to your needs An ACL or Policy takes effect only after it is bound to a port or VLAN Configuring the ACL Binding You can bind the ACL to a port or a VLAN The received packets will then be m...

Страница 542: ...a VLAN Select the ACL and enter the VLAN ID and click Apply ACL ID Select an ACL from the drop down list VLAN ID Enter the VLAN ID Configuring the Policy Binding You can bind the Policy to a port or...

Страница 543: ...e menu ACL Policy Binding VLAN Binding to load the following page Figure 2 12 Binding the Policy to a VLAN Follow these steps to bind the Policy to a VLAN Select the ACL and enter the VLAN ID and clic...

Страница 544: ...following page Figure 2 13 Verifying the ACL Binding Verifying the Policy Binding You can view both port binding and VLAN binding entries in the table You can also delete existing entries if needed C...

Страница 545: ...es from 0 to 999 It should not be the same as any existing MAC ACL rule IDs deny permit Specify the operation to be performed with the packets that match the rule By default it is set to permit The pa...

Страница 546: ...ep 3 access list standard acl id rule rule id deny permit sip source ip smask source ip mask dip destination ip dmask destination ip mask Add a rule to the ACL acl id The ID number of the ACL you have...

Страница 547: ...68 1 100 Switch configure Switch config access list create 600 Switch config rule 1 permit sip 192 168 1 100 smask 255 255 255 255 Switch config show access list 600 Standard IP access list 600 rule 1...

Страница 548: ...k of the destination IP address This is required if a destination IP address is entered s port Enter the TCP UDP source port if TCP UDP protocol is selected d port Enter the TCP UDP destination port i...

Страница 549: ...he destination IPv6 address to be matched All types of IPv6 address will be checked You may enter a complete 128 bit IPv6 address but only the first 64 bits will be valid source ip mask Enter the sour...

Страница 550: ...75 1111 3900 2020 sip mask ffff ff ff ffff ffff Switch config end Switch copy running config startup config 2 2 2 Configuring Policy Follow the steps below to create a policy and configure the policy...

Страница 551: ...AN ACL Binding You can bind the ACL to a port or a VLAN The received packets will then be matched and processed according to the ACL rules Step 1 configure Enter global configuration mode Step 2 inter...

Страница 552: ...g if access list bind acl 1 Switch config if exit Switch config interface vlan 4 Switch config if access list bind acl 2 Switch config if show access list bind Index Policy Name Interface VID Directio...

Страница 553: ...bind policy name The name of the policy Step 3 show access list bind Optional View the configuration of binding Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save...

Страница 554: ...he Marketing department are connected to the switch via port 1 0 1 and the server group is connected to the switch via port 1 0 2 Figure 3 1 Network Topology Internet Port1 0 1 Marketing IP 10 10 70 0...

Страница 555: ...packet matches a rule the switch stops the matching process Binding Configuration Apply the Extend IP ACL to a Policy and bind the Policy to port 1 0 1 so that the ACL rules will apply to the Marketin...

Страница 556: ...Rule 1 3 Choose the menu ACL ACL Config Extend ACL to load the the following page Configure rule 2 and rule 3 to permit packets with source IP 10 10 70 0 and destination port TCP 80 http service port...

Страница 557: ...wing page Configure Rule 4 and Rule 5 to permit packets with source IP 10 10 70 0 and with destination port TCP 53 or UDP 53 DNS service port Figure 3 6 Configuring Rule 4 Figure 3 7 Configuring Rule...

Страница 558: ...ollowing page Then create Policy Market Figure 3 9 Creating the Policy 7 Choose the menu ACL Policy Config Action Create to load the the following page Then apply ACL 1600 to Policy Market Figure 3 10...

Страница 559: ...ets with source IP 10 10 70 0 and destination port TCP 80 http service port or TCP 443 HTTPS service port Switch config access list extended 1600 rule 2 permit sip 10 10 70 0 smask 255 255 255 0 proto...

Страница 560: ...g startup config Verify the Configurations Verify the configurations Switch config show access list 1600 Extended IP access list 1600 rule 1 permit sip 10 10 70 0 smask 255 255 255 0 dip 10 10 80 0 dm...

Страница 561: ...ndix Default Parameters For MAC ACL Parameter Default Setting Operation Permit For Standard IP ACL Parameter Default Setting Operation Permit For Extend IP ACL Parameter Default Setting Operation Perm...

Страница 562: ...ERS 1 Network Security 6 802 1X Configuration 2 IP MAC Binding Configurations 7 AAA Configuration 3 DHCP Snooping Configuration 8 Configuration Examples 4 ARP Inspection Configurations 9 Appendix Defa...

Страница 563: ...ng DHCP Snooping DHCP Snooping supports the basic DHCP security feature and the Option 82 feature Basic DHCP Security During the working process of DHCP generally there is no authentication mechanism...

Страница 564: ...erver Administrators can check the location of the DHCP client via option 82 The DHCP server supporting option 82 can also set the distribution policy of IP addresses and the other parameters providin...

Страница 565: ...alicious DoS attack packets and discard them directly Also DoS Defend feature can limit the transmission rate of legal packets When the number of legal packets exceeds the threshold value and may incu...

Страница 566: ...orts but denies the unauthenticated clients Authentication Server The authentication server is usually the host running the RADIUS server program It stores information of clients confirms whether a cl...

Страница 567: ...Configuration Guide 544 Configuring Network Security Network Security Figure 1 3 Network Topology of AAA RADIUS Server Users Switches...

Страница 568: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related inf...

Страница 569: ...to any feature ARP Detection This entry will be applied to the ARP Detection feature 3 Select the port that is connected to this host 4 Click Bind 2 1 2 Binding Entries Dynamically The binding entries...

Страница 570: ...t IP Address End IP Address Specify an IP range by entering a start and end IP address VLAN ID Specify a VLAN ID 2 In the Scanning Result section select one or more entries and configure the relevant...

Страница 571: ...nd DHCP Snooping DHCP Snooping With DHCP Snooping enabled the switch can monitor the IP address obtaining process of the host and record the IP address MAC address VLAN ID and the connected port numbe...

Страница 572: ...dress and all the collision entries are valid This kind of collision may be caused by the MSTP function Critical The collision entries have the same IP address but different MAC addresses For the coll...

Страница 573: ...rotect type for the entry None indicates this entry will not be applied to ARP Detection arp detection indicates this entry will be applied to ARP Detection arp scanning dhcp snooping Change the sourc...

Страница 574: ...o types of collision status Warning and Critical Warning The collision entries have the same IP address and MAC address and all the collision entries are valid This kind of collision may be caused by...

Страница 575: ...oping after step 1 and step 2 are completed By default the binding entries are applied to ARP Detection Configuration Guidelines DHCP Snooping and DHCP Relay cannot be used at the same time on the swi...

Страница 576: ...Apply 3 1 2 Configuring DHCP Snooping on Ports Choose the menu Network Security DHCP Snooping Port Config to load the following page Figure 3 2 Port Config Follow these steps to configure DHCP Snoopi...

Страница 577: ...pecify the maximum number of DHCP Decline packets that can be forwarded on the port per second The excessive DHCP Decline packets will be discarded LAG Displays the LAG that the port is in 2 Click App...

Страница 578: ...circuit ID configurations of the switch and the DHCP server should be compatible with each other Circuit ID Enter the customized circuit ID which contains up to 64 characters Remote ID Customization...

Страница 579: ...Ethernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list interface port channel port channel id interface range port channel port channel id list Enter interface...

Страница 580: ...0 packets second The default value is 0 which indicates disabling this feature Step 7 show ip dhcp snooping interface gigabitEthernet port port channel port channel id Verify the DHCP Snooping configu...

Страница 581: ...on for the Option 82 field of the DHCP request packets from the Host The following options are provided keep Indicates keeping the Option 82 field of the packets replace Indicates replacing the Option...

Страница 582: ...1 Switch configure Switch config interface gigabitEthernet 1 0 7 Switch config if ip dhcp snooping information option Switch config if ip dhcp snooping information strategy replace Switch config if ip...

Страница 583: ...the illegal ARP packets Before configuring ARP Detection complete IP MAC Binding configuration For details refer to IP MAC Binding Configurations Choose the menu Network Security ARP Inspection ARP De...

Страница 584: ...o configure ARP Defend 1 Select one or more ports and configure the parameters Defend Enable the ARP Defend feature Speed 10 100 pps Specify the maximum number of the ARP packets that can be received...

Страница 585: ...3 Viewing ARP Statistics You can view the number of the illegal ARP packets received on each port which facilitates you to locate the network malfunction and take the related protection measures Choos...

Страница 586: ...low these steps to configure ARP Detection Step 1 configure Enter global configuration mode Step 2 ip arp inspection Globally enable the ARP Detection feature Step 3 interface fastEthernet port range...

Страница 587: ...l ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood Follow these steps to configure ARP Defend Step 1 configure Enter global configuration mode Step 2 interface fastEthe...

Страница 588: ...interface gigabitEthernet 1 0 2 Switch config if ip arp inspection Switch config if ip arp inspection limit rate 20 Switch config if show ip arp inspection interface gigabitEthernet 1 0 2 Port OverSp...

Страница 589: ...config if end Switch copy running config startup config 4 2 3 Viewing ARP Statistics On privileged EXEC mode or any other configuration mode you can use the following command to view ARP statistics s...

Страница 590: ...se both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host the host will be trapped in an endless circle of building the initial connect...

Страница 591: ...se the Operation System with bugs cannot correctly process the URG Urgent Pointer of TCP packets the attacker sends this type of packets to the TCP port139 NetBIOS of the host with the Operation Syste...

Страница 592: ...d host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast storm that m...

Страница 593: ...ve the settings in the configuration file The following example shows how to enable the DoS Defend type named land Switch configure Switch config ip dos prevent Switch config ip dos prevent type land...

Страница 594: ...curity cannot be enabled at the same time Before enabling 802 1X authentication make sure that Port Security is disabled 6 1 Using the GUI 6 1 1 Configuring the RADIUS Server Enable AAA function on th...

Страница 595: ...exchange responses Auth Port Specify the UDP destination port on the RADIUS server for authentication requests The default setting is 1812 Acct Port Specify the UDP destination port on the RADIUS ser...

Страница 596: ...Add New Server Group section specify the name and server type for the new server group and click Add Server Group Specify the name of the new server group Server Type Select the type of the server gro...

Страница 597: ...Configuring the Dot1x List Follow these steps to configure RADIUS server groups for 802 1X authentication and accounting 1 In the Authentication Dot1x Method List section select an existing RADIUS ser...

Страница 598: ...EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the authentication server EAP T...

Страница 599: ...ion enable Quiet configure the Quiet timer and click Apply Quiet Enable or disable the Quiet timer Quiet Period Specify the Quiet Period It ranges from 1 to 999 seconds and the default time is 10 seco...

Страница 600: ...t is Auto Auto If this option is selected the port can access the network only when it is authenticated Force Authorized If this option is selected the port can access the network without authenticati...

Страница 601: ...is 1813 Generally the accounting feature is not used in the authentication account management timeout time Specify the time interval that the switch waits for the server to reply before resending The...

Страница 602: ...ctively for authentication and accounting Step 8 show aaa global Optional Verify the global configuration of AAA Step 9 show radius server Optional Verify the configuration of RADIUS server Step 10 sh...

Страница 603: ...Switch config show radius server Server Ip Auth Port Acct Port Timeout Retransmit Shared key 192 168 0 100 1812 1813 5 2 123456 Switch config show aaa group radius1 192 168 0 100 Switch config show aa...

Страница 604: ...cify the ID of the VLAN to be configured as the guest VLAN It must be an existing VLAN with the ID ranging from 2 to 4094 Clients in the guest VLAN can only access resources from specific VLANs Step 5...

Страница 605: ...igure Switch config dot1x system auth control Switch config dot1x auth method pap Switch config show dot1x global 802 1X State Enabled Authentication Method PAP Handshake State Enabled Guest VLAN Stat...

Страница 606: ...6 dot1x port control auto authorized force unauthorized force Configure the control mode for the port By default it is auto auto If this option is selected the port can access the network only when it...

Страница 607: ...f dot1x Switch config if dot1x port method port based Switch config if dot1x port control auto Switch config if show dot1x interface gigabitEthernet 1 0 2 Port State GuestVLAN PortControl PortMethod A...

Страница 608: ...the users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks dow...

Страница 609: ...Global Configuration Follow these steps to globally enable AAA 1 In the Global Config section enable AAA 2 Click Apply 7 1 2 Adding Servers You can add one or more RADIUS TACACS servers on the switch...

Страница 610: ...The default setting is 1813 Usually it is used in the 802 1X feature Retransmit Specify the number of times a request is resent to the server if the server does not respond The default setting is 2 T...

Страница 611: ...The servers running the same protocol are automatically added to the default server group You can add new server groups as needed Choose the menu Network Security AAA Server Group to load the followin...

Страница 612: ...t Then click Add to add this server to the server group Figure 7 6 Add Server to Group 7 1 4 Configuring the Method List A method list describes the authentication methods and their sequence to authen...

Страница 613: ...method List Type Select the authentication type The following options are provided Authentication Login and Authentication Enable Pri1 Pri4 Specify the authentication methods in order The method with...

Страница 614: ...users trying to log in to the switch Enable List Select a previously configured Enable method list This method list will authenticate the users trying to get administrative privileges 2 Click Apply 7...

Страница 615: ...US server the user name should be set as enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the...

Страница 616: ...nation port on the RADIUS server for authentication requests The default setting is 1812 acct port port id Specify the UDP destination port on the RADIUS server for accounting requests The default set...

Страница 617: ...e server as 192 168 0 10 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 Switch configure Switch config radius server host 192 168 0 10...

Страница 618: ...length will follow By default the encryption type is 0 string is the shared key for the switch and the server which contains 31 characters at most encrypted string is a symmetric encrypted key with a...

Страница 619: ...pe group name Specify a name for the group Step 3 server ip address Add the existing servers to the server group ip address Specify IP address of the server to be added to the group Step 4 show aaa gr...

Страница 620: ...if the previous method does not respond and so on The default methods include radius tacacs local and none None means no authentication is used for login Step 3 aaa authentication enable method list m...

Страница 621: ...fig show aaa authentication enable Methodlist pri1 pri2 pri3 pri4 default local Enable1 radius local Switch config end Switch copy running config startup config 7 2 5 Configuring the AAA Application L...

Страница 622: ...hows how to apply the existing Login method list named Login1 and Enable method list named Enable1 for the application Telnet Switch configure Switch config line telnet Switch config line login authen...

Страница 623: ...d EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1 and Enable method...

Страница 624: ...vileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1 and Enable...

Страница 625: ...cret 0 password 5 encrypted password Set the Enable password This command uses MD5 encryption 0 and 5 are the encryption type 0 indicates that an unencrypted key will follow 5 indicates that an MD5 en...

Страница 626: ...onfigure the value of enable 15 as the Enable password in the configuration file All the users trying to get administrative privileges share this Enable password Tips The logged in guests can get admi...

Страница 627: ...Figure 8 1 Network Topology Gi1 0 4 Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 5 User 3 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D Attacker Illegal DHCP Server User 2 76 D9 33 56 78 A3 Switch A Le...

Страница 628: ...l ARP packets on each port thus to prevent ARP flooding attacks Demonstrated with T1600G 52TS the following sections provide configuration procedure in two ways using the GUI and using the CLI 8 1 3 U...

Страница 629: ...e following page Enter the host name IP address MAC address and VLAN ID of User 3 select ARP Detection as the protect type and select port 1 0 3 on the panel Click Bind Figure 8 4 Manual Binding 4 Cho...

Страница 630: ...the menu Network Security ARP Inspection ARP Detect to load the following page Enable ARP Detection and set ports 1 0 4 as trusted port Click Apply Figure 8 6 ARP Detect 6 Choose the menu Network Secu...

Страница 631: ...igure port 1 0 4 as a trusted port Switch_A config interface gigabitEthernet 1 0 4 Switch_A config if ip dhcp snooping trust Switch_A config if exit 3 Manually bind the entry for User 3 Switch_A confi...

Страница 632: ...fy the configuration of DHCP Snooping Switch_A show ip dhcp snooping Global Status Enable VLAN ID 1 Switch_A show ip dhcp snooping interface Interface Trusted MAC Verify Limit Rate Dec rate LAG Gi1 0...

Страница 633: ...i1 0 2 Enabled 15 N A Normal N A Gi1 0 3 Enabled 15 N A Normal N A Gi1 0 4 Disabled 15 N A N A N A 8 2 Example for 802 1X 8 2 1 Network Requirements The network administrator wants to control access f...

Страница 634: ...r and port 1 0 3 is connected to the Internet Figure 8 8 Network Topology Internet Switch A Authenticator Client Client Gi1 0 1 Gi1 0 2 Gi1 0 3 Client RADIUS Server 192 168 0 10 24 Auth Port 1812 Demo...

Страница 635: ...up Figure 8 11 Create Server Group 4 On the same page select the newly created server group and click edit to load the following page Select 192 168 0 10 from the drop down list and click Add to add t...

Страница 636: ...nfigure the Authentication Method as EAP Enable the Quiet feature and then keep the default authentication settings Figure 8 14 Global Config 7 Choose the menu Network Security 802 1X Authentication P...

Страница 637: ...rt 1812 key 123456 Switch_A config aaa group radius radius1 Switch_A aaa group server 192 168 0 10 Switch_A aaa group exit Switch_A config aaa authentication dot1x default radius1 Switch_A config end...

Страница 638: ...config if no dot1x Switch_A config if exit Switch_A config interface gigabitEthernet 1 0 1 Switch_A config if dot1x Switch_A config if dot1x port method mac based Switch_A config if dot1x port contro...

Страница 639: ...ist Telnet default default Ssh default default Http default default Switch_A show aaa authentication dot1x Methodlist pri1 pri2 pri3 pri4 default radius1 Switch_A show aaa group radius1 192 168 0 10 8...

Страница 640: ...h The IP addresses of the two RADIUS servers are 192 168 0 10 24 and 192 168 0 20 24 the authentication port number is 1812 the shared key is 123456 The overview of configuration on the switch is as f...

Страница 641: ...ADIUS Server 1 on the switch Figure 8 18 Add RADIUS Server 1 3 On the same page configure the Server IP as 192 168 0 20 the Shared Key as 123456 the Auth Port as 1812 and keep the other parameters as...

Страница 642: ...d RADIUS Server 1 to the group Then select 192 168 0 20 from the drop down list and click Add to add RADIUS Server 2 to the group Figure 8 21 Add Servers to Server Group 6 Choose the menu Network Secu...

Страница 643: ...select telnet and configure the Login List as Method Login and Enable List as Method Enable Then click Apply Figure 8 24 Configure AAA Application List 9 Click Save Config to save the settings 8 3 4...

Страница 644: ...authentication method for the Telnet application Switch config line telnet Switch config line login authentication Method Login Switch config line enable authentication Method Enable Switch config li...

Страница 645: ...hod Login RADIUS1 Authentication Enable Methodlist Methodlist pri1 pri2 pri3 pri4 default none Method Enable RADIUS1 Verify the status of the AAA feature and the configuration of the AAA application l...

Страница 646: ...tect Type For Manual Binding None For ARP Scanning None For DHCP Snooping All Table 9 2 DHCP Snooping Parameter Default Setting Global Config DHCP Snooping Disable VLAN ID Disable Port Config Trusted...

Страница 647: ...Defend Disable Speed 15 pps ARP Statistics Auto Refresh Disable Refresh Interval 5 seconds Table 9 4 DoS Defend Parameter Default Setting DoS Defend Disable Table 9 5 802 1X Parameter Default Setting...

Страница 648: ...de Auto Control Type MAC Based Dot1X List Authentication Dot1x Method List List Name default Pri1 radius Accounting Dot1x Method List List Name default Pri1 radius Table 9 6 AAA Parameter Defualt Sett...

Страница 649: ...e two default server groups radius and tacacs Method List Authentication Login Method List List name default Pri1 local Authentication Enable Method List List name default Pri1 none AAA Application Li...

Страница 650: ...Part 21 Configuring LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters...

Страница 651: ...et Protocol device to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP all...

Страница 652: ...figurations you can 1 Enable the LLDP feature on the switch 2 Optional Configure the LLDP feature globally 3 Optional Configure the LLDP feature for the interface 2 1 Using the GUI 2 1 1 Global Config...

Страница 653: ...e will send LLDP packets to inform its neighbors If frequent changes occur to the local device LLDP packets will flood After specifying a transmit delay time the local device will wait for a delay tim...

Страница 654: ...port will transmit LLDP packets and process the received LLDP packets Rx_Only The port will only process the received LLDP packets but not transmit LLDP packets Tx_Only The port will only transmit LLD...

Страница 655: ...VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID when it is in an aggregation PS Used to a...

Страница 656: ...hbors The default is 2 seconds reinit delay Specify the amount of time that the local device waits before sending another LLDP packet to its neighbors The default is 2 seconds notify interval Enter th...

Страница 657: ...list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode Step 3 lldp receive Optional Set the mode for the port to receive LLDP packets It is enabled by def...

Страница 658: ...ransmit LLDP packets its notification mode is enabled and the outgoing LLDP packets include all TLVs Switch configure Switch config lldp Switch config interface gigabitEthernet 1 0 1 Switch config if...

Страница 659: ...Configuration Guide 636 Configuring LLDP LLDP Configurations Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes Switch config if end Switch copy running config startup config...

Страница 660: ...to load the following page Figure 3 1 LLDP MED Parameters Config Configure the Fast Start Count and view the current device class Click Apply Fast Start Count Specify the number of successive LLDP ME...

Страница 661: ...3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enble LLDP MED Click Apply 2 Click Detail to enter the following page Configure the TLVs included in the ou...

Страница 662: ...e Endpoint device in the Location Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP...

Страница 663: ...ed fast count count Optional Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local de...

Страница 664: ...management all Optional Configure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the para...

Страница 665: ...ig lldp Switch config lldp med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface...

Страница 666: ...figurations Configuration Guide 643 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy...

Страница 667: ...s 4 Viewing LLDP Settings This chapter introduces how to view the LLDP settings on the local device 4 1 Using GUI 4 1 1 Viewing LLDP Device Info Viewing the Local Info Choose the menu LLDP Device Info...

Страница 668: ...the value of the Chassis ID Port ID Subtype Displays the Port ID type Port ID Displays the value of the Port ID TTL Specify the amount of time the neighbor device should hold the received information...

Страница 669: ...et the Refresh Rate according to your needs Click Apply 2 In the Local Info section select the desired port and view its associated neighbor device information System Name Displays the system name of...

Страница 670: ...In the Global Statistics section view the global statistics of the local device Last Update Displays the time when the statistics updated Total Inserts Displays the latest number of neighbors the loc...

Страница 671: ...ort when receiving LLDP packets TLV Unknowns Displays the total number of the unknown TLVs included in the received LLDP packets 4 2 Using CLI Viewing the Local Info show lldp local information interf...

Страница 672: ...se steps to view LLDP MED local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the LLDP MED Local Info sect...

Страница 673: ...Media Policy Layer 2 Priority Displays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Viewing the Neighbor Info Figure...

Страница 674: ...al Info show lldp local information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the LLDP details of a specific port or all the ports on the local device Viewing the...

Страница 675: ...he device information using the NMS Figure 6 1 LLDP Network Topology Gi1 0 1 Gi1 0 2 Switch A Switch B PC 6 1 3 Configuration Scheme LLDP can meet the network requirements Enable the LLDP feature glob...

Страница 676: ...ad the following page Set the Admin Status of port Gi1 0 1 to Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Config 6 1 5 Using CL...

Страница 677: ...dp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv select all Switch_A config if end Switch_A copy running config startup config Verify the Configurations View LLDP settings glo...

Страница 678: ...Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes View the Local Info Switch_A sh...

Страница 679: ...gement address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN enabled No VLAN name of VLAN 1...

Страница 680: ...0G 28TS 2 0 Firmware Revision Reserved Software Revision 2 0 0 Build 20160905 Rel 74744 s Serial Number Reserved Manufacturer Name TP Link Model Name T1600G 28TS 2 0 Asset ID unknown View the Neighbor...

Страница 681: ...ss interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN e...

Страница 682: ...t Configure the port which the IP phone is connected with then IP phone can automatically finish its Voice VLAN configuration using the received LLDP MED packets and send tagged voice packets to the s...

Страница 683: ...reate VLAN 10 and name it as Voice VLAN Figure 6 5 Creating a VLAN 2 Enable and configure the Voice VLAN Choose the menu QoS Voice VLAN Global Config enable Voice VLAN and set the VLAN ID to 10 Figure...

Страница 684: ...Configuring LLDP Configuration Example Configuration Guide 661 Figure 6 7 Configuring Voice VLAN Mode on Port 1 0 1 Figure 6 8 Configuring Voice VLAN Mode on Port 1 0 2...

Страница 685: ...Voice VLAN 3 Choose the LLDP Basic Config Global Config to load the following page and enable LLDP globally Figure 6 10 LLDP Global Config 4 Choose the LLDP LLDP MED Global Config to load the followin...

Страница 686: ...12 LLDP MED Port Config Click Detail in the Port 1 0 1 entry to configure TLVs included in the outgoing LLDP MED packets Figure 6 13 LLDP MED Port Config Detail In the Location Identification Paramet...

Страница 687: ...Voice VLAN Switch_A config vlan 10 Switch_A config vlan name Voice_VLAN Switch_A config voice vlan 10 2 Configure the Voice VLAN mode on port Gi1 0 1 as Auto Switch_A config interface gigabitEthernet...

Страница 688: ...Configure the LLDP MED TLVs included in the outgoing LLDP packets Switch_A config if lldp med tlv select all 8 Configure the detailed address of the IP phone Switch_A config if lldp med location civi...

Страница 689: ...VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Exten...

Страница 690: ...pe ipv4 Management address 192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port...

Страница 691: ...ID 0 Layer 2 Priority 0 DSCP 0 Location Data Format Civic Address LCI What Switch Country Code CN Language chinese Province State Guangdong County Parish District China City Township Shenzhen Street K...

Страница 692: ...e SEP64A0E714DC54 System description Cisco IP Phone 7931G V4 term default System capabilities supported Bridge Telephone System capabilities enabled Bridge Telephone Management address type ipv4 Manag...

Страница 693: ...Endpoint Class III Application type Voice Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 5 DSCP 46 Application type Voice Signaling Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority...

Страница 694: ...DP Forward Message Disable Transmit Interval 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinit Delay 2 seconds Notification Interval 5 seconds Fast Start Times 3 Table 7 2 Default LLDP Sett...

Страница 695: ...figuring Maintenance CHAPTERS 1 Maintenance 2 Monitoring the System 3 System Log Configurations 4 Diagnosing the Device 5 Diagnosing the Network 6 Example for Configuring Remote Log 7 Appendix Default...

Страница 696: ...ou can monitor the memory and the CPU utilizations of the switch Log You can check system messages for debugging and network management Device Diagnose You can test the cable connection status cable l...

Страница 697: ...d memory utilizations should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests In similar situations you can monitor...

Страница 698: ...itor and display its CPU utilization rate every four seconds 2 1 2 Monitoring the Memory Choose the menu Maintenance System Monitor Memory Monitor to load the following page Figure 2 2 Monitoing the M...

Страница 699: ...es The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 2 2 2 Monitoring the Memory On privileged EXEC...

Страница 700: ...ions affect the functionality of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memor...

Страница 701: ...Log Table page It will be lost when the switch is restarted Log File indicates the flash sector for saving system log The information in the log file will not be lost after the switch is restarted and...

Страница 702: ...nd severity Host IP Specify an IP address for the log host UDP Port Displays the UDP port that receives and sends the log information And the switch uses the standard port 514 Severity Specify the sev...

Страница 703: ...the exact time when the log event occurs you need to configure the system time on the System System Info System Time Web management page Module Select a module from the drop down list to display the...

Страница 704: ...he frequency ranging from 1 to 48 hours By default the synchronization process takes place every 24 hours immediate The system log file in the buffer will be synchronized to the flash immediately This...

Страница 705: ...y monitor the settings and operation status of other devices through the log host idx Enter the index of the log host The switch supports 4 log hosts at most host ip Specify the IP address for the log...

Страница 706: ...its IP address as 192 168 0 148 and allow logs of levels 0 to 5 to be sent to the host Switch configure Switch config logging host index 2 192 168 0 148 5 Switch config show logging loghost Index Host...

Страница 707: ...interval between two cable tests for one port must be more than 3 seconds Pair Displays the Pair number Status Displays the cable status Test results include normal close open and crosstalk Normal The...

Страница 708: ...e diagnostics of the connected Ethernet Port port Enter the port number in 1 0 1 format to check the result of the cable test show cable diagnostics careful interface gigabitEthernet port View the cab...

Страница 709: ...the Ping Test Choose the menu Maintenance Network Diagnose Ping to load the following page Figure 5 1 Configuring the Ping Test Follow these steps to test the connectivity between the switch and anoth...

Страница 710: ...milliseconds 2 In the Ping Result section check the test results 5 1 2 Configuring the Tracert Test Choose the menu Maintenance Network Diagnose Tracert to load the following page Figure 5 2 Configuri...

Страница 711: ...testing The values are from 1 to 10 times the default is 4 times l count Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes i count Spec...

Страница 712: ...ipv6 The type of the IP address for tracert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are support...

Страница 713: ...the remote log to receive system logs from monitored devices Make sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set...

Страница 714: ...re the remote log host Switch configure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost I...

Страница 715: ...Log Buffer Immediately Status of Log File Disabled Severity of Log File Level_3 Sync Periodic of Log File 24 hours Table 7 2 Default Settings of Remote Log Parameter Default Setting Host IP 0 0 0 0 UD...

Страница 716: ...Part 23 Configuring SNMP RMON CHAPTERS 1 SNMP Overview 2 SNMP Configurations 3 Notification Configurations 4 RMON Overview 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters...

Страница 717: ...uthentication and Privacy Based on Community Name Based on Community Name Supported authentication and privacy modes are as follows Authentication MD5 SHA Privacy DES Trap Supported Supported Supporte...

Страница 718: ...reate an SNMP group and specify the access rights 4 Create SNMP users and configure the authentication mode privacy mode and corresponding passwords Choose SNMPv1 or SNMPv2c 1 Enable SNMP 2 Create an...

Страница 719: ...NMP engine on the switch 3 In the Remote Engine section configure the remote engine ID Click Apply Remote Engine ID Set the ID of the remote SNMP manager with 10 to 64 hexadecimal digits If no remote...

Страница 720: ...IB objects that have the same view name MIB Object ID Enter a MIB Object ID to specify a specific function of the device For specific ID rules refer to the device related MIBs View Type Set the view t...

Страница 721: ...e group is SNMPv1 In this mode community name match is used for authentication You can configure the community name on the SNMP community page v2c The security model of the group is SNMPv2 In this mod...

Страница 722: ...hese steps to create an SNMP user 1 Specify the user name user type and the group which the user belongs to Set the security model according to the related parameters of the specified group If you cho...

Страница 723: ...rivacy mode are applied to check and encrypt packets 2 If you have chosen authNoPriv or authPriv as the security level you need to set corresponding Auth Mode or Privacy Mode If not skip the step Auth...

Страница 724: ...MPv1 and SNMPv2c the community name match is used for authentication Access Specify the access right to the related view The default is read only read only The NMS can view but not modify parameters o...

Страница 725: ...receives inform messages from Switch Note that the switch will automatically generate a local engine ID if the ID is not set or is deleted Step 4 show snmp server Displays the global settings of SNMP...

Страница 726: ...e view to determine objects to be managed Step 1 configure Enter global configuration mode Step 2 snmp server view name mib oid include exclude Configure the view name Enter a view name with 1 to 16 c...

Страница 727: ...ig show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1 3 6 1 6 3 16 4 viewDefault exclude 1 3 6 1 6 3 18 5 View include 1...

Страница 728: ...evel cannot be configured read view Set the view as read only And then the NMS can view parameters of the specified view write view Set the view as write only And then the NMS can modify parameters of...

Страница 729: ...noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode security level cannot be configured none MD5 SHA Choose an authentication algorithm which is only for the user of SNMPv3...

Страница 730: ...ssword Step 1 configure Enter global configuration mode Step 2 snmp server community name read only read write mib view Configure the community name Enter a group name with 1 to 16 characters read onl...

Страница 731: ...ON SNMP Configurations Switch config snmp server community nms monitor read write View Switch config show snmp server community Index Name Type MIB View 1 nms monitor read write View Switch config end...

Страница 732: ...Optional Enabling the DDM Trap and Optional Enabling the Link status Trap 3 1 Using the GUI Choose the menu SNMP Notification Notification Config to load the following page Figure 3 1 Notification Con...

Страница 733: ...the SNMP version If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for the NMS that uses SNMPv2c or SNMPv3 the default type is Trap Trap Se...

Страница 734: ...zation and no encryption authNoPriv authorization and no encryption authPriv authorization and encryption The defaut is noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode...

Страница 735: ...2 snmp server traps snmp linkup linkdown warmstart coldstart auth failure Configure parameters of basic traps supported on the switch linkup When a port status changes from linkdown to linkup the swit...

Страница 736: ...artup config Save the settings in the configuration file The following example shows how to configure the switch to send linkup traps Switch configure Switch config snmp server traps snmp linkup Switc...

Страница 737: ...stems table maintenance polls lldp topologychange A notification generated by the local device to sense the change in the topology that indicates a new remote device attached to a local port or a remo...

Страница 738: ...running config startup config Optional Enabling the DDM Trap Step 1 configure Enter global configuration mode Step 2 snmp server traps ddm temperature voltage bias_current tx_power rx_power Enable SNM...

Страница 739: ...Trap Step 1 configure Enter global configuration mode Step 2 snmp server traps security dhcp snoop Enable illegal DHCP server trap to send SNMP trap message when untrusted port has received DHCP Serve...

Страница 740: ...rnet ports that you desire to configure notification traps Step 3 snmp server traps link status Enable SNMP extended linkup and linkdown traps By default it is disabled Step 4 end Return to privileged...

Страница 741: ...ork device The NMS is usually a host that runs the management software to manage Agents of network devices And the Agent is usually a switch or router that collects traffic statistics such as total pa...

Страница 742: ...ory group Configuring the event group Configuring the alarm group Configuration Guidelines To ensure that the NMS receives notifications normally please complete configurations of SNMP and SNMP Notifi...

Страница 743: ...Set the entry as valid or underCreation By default it is valid Valid The entry is created and valid underCreation The entry is created but invalid 5 1 2 Configuring History Choose the menu SNMP RMON H...

Страница 744: ...set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable Th...

Страница 745: ...status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable The entry...

Страница 746: ...t the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry Sample Type Set the sampling method of the specified variable the default is absolute...

Страница 747: ...ing the CLI 5 2 1 Configuring Statistics Step 1 configure Enter global configuration mode Step 2 rmon statistics index interface gigabitEthernet port ten gigabitEthernet port owner owner name status u...

Страница 748: ...fig end Switch copy running config startup config 5 2 2 Configuring History Step 1 configure Enter global configuration mode Step 2 rmon history index interface fastEthernet port gigabitEthernet port...

Страница 749: ...settings in the configuration file The following example shows how to create a history entry on the switch to monitor port 1 0 1 Set the sample interval as 100 seconds max buckets as 50 and the owner...

Страница 750: ...notifications to the NMS and log notify indicates the switch records the event and sends notifications to the NMS owner name Enter the owner name of the entry with 1 to 16 characters The default name...

Страница 751: ...ns occur collision means the collision times in the network segment 64 65 127 128 255 256 511 512 1023 1024 10240 means total packets of the specified size absolute delta Choose the sampling mode The...

Страница 752: ...e type as Absolute the rising threshold as 3000 the related rising event entry index as 1 the falling threshold as 2000 the related falling event index as 2 the alarm type as all the notification inte...

Страница 753: ...number of packets transmitted and received is below the threshold 6 2 Configuration Scheme 1 Set a limit on the rate of the specified ports and then enable SNMP on Switch A Configure SNMP and Notifica...

Страница 754: ...to reach one another Figure 6 1 Network Topology Gi1 0 1 NMS Switch B Switch A IP 172 168 1 222 Gi1 0 2 Gi1 0 3 Demonstrated with T1600G 28TS this chapter provides configuration procedures in two way...

Страница 755: ...SNMP view as View set MIB Object ID as 1 which means all functions and set the view type as Include Click Create Figure 6 3 SNMP View Configuration 3 Choose SNMP SNMP Config SNMP Group to load the fo...

Страница 756: ...hose of the group nms monitor Choose SHA authentication algorithm and DES privacy algorithm and set corresponding passwords Click Create Figure 6 5 User Config 5 Choose SNMP Notification Notification...

Страница 757: ...ng commands under the CLI configuration mode Switch enable Enter Privileged EXEC Mode Switch config Enter global configuration mode Switch config snmp server traps bandwidth control Enable Bandwitch c...

Страница 758: ...val as 100 seconds Max Buckets as 50 the owner of the entries as monitor and the status as Enable Figure 6 9 History Configuration 3 Choose the menu SNMP RMON Event to load the following page Configur...

Страница 759: ...entry ID as 1 which is the notify type the falling threshold as 2000 the associated falling event entry ID as 2 which is the log type the alarm type as all the interval as 10 seconds the owner name as...

Страница 760: ...slev authPriv cmode SHA cpwd 1234 emode DES epwd 1234 5 To configure Notification specify the IP address of the NMS host and UDP port Set the User Security Model and Security Level according to confi...

Страница 761: ...ed falling event entry ID as 2 the log type the alarm type as all the interval as 10 seconds and the owner name as monitor For entry 2 set the associated statistics entry ID as 2 bound to port 1 0 2 w...

Страница 762: ...ote engine ID 123456789a Verify SNMP view configurations Switch config show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1...

Страница 763: ...hPriv inform 3 100 Verify RMON statistics configurations Switch config show rmon statistics Index Port Owner State 1 Gi1 0 1 monitor valid 2 Gi1 0 2 monitor valid Verify RMON history configurations Sw...

Страница 764: ...Index State 1 Enabled Statistics index 1 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner monitor Index State 2 Enabled Statistics i...

Страница 765: ...Table 7 2 Default SNMP View Settings Parameter Default Setting View Name None MIB Object ID None View Type Include Table 7 3 Default SNMP View Table Settings View Name View Type MIB Object ID viewDefa...

Страница 766: ...Privacy Password None Table 7 6 Default Community Settings Parameter Default Setting Community Name None Access read only MIB View viewDefault Default settings of Notification are listed in the follow...

Страница 767: ...0 1 Interval 1800 seconds Max Buckets 50 Owner monitor Status Disable Table 7 10 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Statu...

Страница 768: ...Configuring SNMP RMON Appendix Default Parameters Configuration Guide 745 Parameter Default Setting Status Disable...

Страница 769: ...ent This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications...

Страница 770: ...on t disassemble the product or make repairs yourself You run the risk of electric shock and voiding the limited warranty If you ne ed service please contact us Avoid water and wet locations CE DOC TP...

Страница 771: ...ctrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its impact on the environ...

Отзывы:

Нет отзывов

Похожие инструкции для TL-SG2424

Бренд: D-Link Страницы: 13

Бренд: E-Lins Страницы: 59

Бренд: E-Lins Страницы: 11

Бренд: E-Lins Страницы: 9

Бренд: E-Lins Страницы: 5

Network Video Recorders

Бренд: e-Line Technology Страницы: 34

Бренд: Patton electronics Страницы: 75

RocketLink-G 3088/I

Бренд: Patton electronics Страницы: 61

Бренд: Patton Страницы: 12

Бренд: Patton Страницы: 84

OnSite 3210 Series

Бренд: Patton Страницы: 110

Бренд: Patton electronics Страницы: 2

SMARTNODE 4110 Series

Бренд: Patton electronics Страницы: 78

Бренд: Patton electronics Страницы: 8

Бренд: Quectel Страницы: 23

Бренд: Schrack Technik Страницы: 2

Бренд: SurfControl Страницы: 2

ApplianceStor 15MT

Бренд: Rasilient Страницы: 30

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды